CVE-2017-17476
PUBLISHED
Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
EPSS 0.91% · 76.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | otrs2 | 0, 4.0.10-1, 5.0.1-1 |
Exploit Intelligence
- https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 (circl)
- https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ (circl)
- https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc (circl)
- DSA-4069 (circl)
- [debian-lts-announce] 20171220 [SECURITY] [DLA 1215-1] otrs2 security update (circl)
- https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb (circl)
Timeline
- Dec 20, 2017 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-17476 third-party-advisory
- https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/ third-party-advisory
- https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb third-party-advisory
- https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc third-party-advisory
- https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-17476 third-party-advisory