CVE-2017-17476 — HIGH (8.8)

Q: How severe is CVE-2017-17476?

CVE-2017-17476 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-17476?

Check the references section above for vendor advisories and patch information. Affected products include: Otrs Otrs, Debian Debian Linux.

Vulnerability Description

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Otrs	Otrs	>= 4.0.0, < 4.0.28
Debian	Debian Linux	7.0

Related Weaknesses (CWE)

CWE-200

References

https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66ebPatchThird Party Advisory
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fcPatchThird Party Advisory
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00018.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2017/dsa-4069Third Party Advisory
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/PatchVendor Advisory
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66ebPatchThird Party Advisory
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fcPatchThird Party Advisory
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00018.htmlMailing ListThird Party Advisory
https://www.debian.org/security/2017/dsa-4069Third Party Advisory
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/PatchVendor Advisory

FAQ

What is CVE-2017-17476?

CVE-2017-17476 is a vulnerability with a CVSS score of 8.8 (HIGH). Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequentl...

How severe is CVE-2017-17476?

CVE-2017-17476 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-17476?

Check the references section above for vendor advisories and patch information. Affected products include: Otrs Otrs, Debian Debian Linux.