Family: Denial of Service --> Category: infos
osTicket Support Address DoS Vulnerability Scan
Vulnerability Scan Summary: Checks for Support Address DoS in osTicket
Detailed Explanation for this Vulnerability Test
The target is running at least one instance of osTicket 1.2.7 or
earlier. Such versions are subject to a denial of service attack in
open.php if osTicket is configured to receive mails using aliases. If
so, a remote attacker can generate a mail loop on the target by opening
a ticket with the support address as the contact email address. For
details, see:
- http://www.osticket.com/forums/showthread.php?t=301
***** Nessus has ascertained that the vulnerability exists on the target
***** simply by looking at the version number(s) of osTicket installed
***** there. It has no way of knowing which method osTicket uses to
***** retrieve mail.
Solution : Configure osTicket to receive mail using POP3.
Threat Level: None / High