Sales North America +1 408 725 7501 | Europe +49 6172 6819 880 | Asia + 852 3690 1503
Skip navigation and go to main content
Security Advisory 2008-01
Security Advisory Details
- Date: Mar 31, 2008
- Title: Vulnerability in OTRS SOAP interface allows remote access without valid SOAP user
- Severity: Critical
- Affected:
- OTRS Help Desk 2.2.x
- OTRS Help Desk 2.1.x
- Fixed in:
- OTRS Help Desk 2.2.6
- OTRS Help Desk 2.1.8
- Not affected:
- OTRS Help Desk 2.0.x
- OTRS Help Desk 1.x.x
- Download a fixed release
- Common Vulnerabilities and Exposures: CVE-2008-1515
Vulnerability Description
This Advisory covers one vulnerability in the OTRS SOAP interface. SOAP authentications allows to get remote access without valid SOAP user Missing security checks allows remote SOAP connections to get access to OTRS without valid SOAP user. This vulnerability allows an remote attacker to read and modify objects via the OTRS SOAP interface. Affected by this vulnerability are all releases of OTRS 2.1.0 up to and including 2.2.5.
Recommended Resolution
This vulnerability is fixed in OTRS 2.1.8 and OTRS 2.2.6, and it is recommended to upgrade to one of these versions.
Workaround
As a workaround you can remove the file bin/cgi-bin/rpc.pl or update bin/cgi-bin/rpc.pl from cvs to version 1.6 (http://cvs.otrs.org/viewvc.cgi/otrs/bin/cgi-bin/rpc.pl).
Report a Vulnerability
© 2012 OTRS Inc. All rights reserved. All other trademarks and copyrights are the property of their respective owners. |
