Vulnerability CVE-2012-4751 - CERT Civis.Net

Vulnerability Name:

CVE-2012-4751 (CCN-79451)

Assigned:

2012-10-17

Published:

2012-10-17

Updated:

2018-08-13

Summary:

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-4751

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0145

Source: CCN
Type: Packetstorm Security Website
OTRS 3.1 Cross Site Scripting

Source: MISC
Type: UNKNOWN
http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html

Source: CCN
Type: SA51031
OTRS Email Body Script Insertion Vulnerability

Source: CCN
Type: Vulnerability Note VU#603276
OTRS contains a cross-site scripting vulnerability

Source: CERT-VN
Type: US Government Resource
VU#603276

Source: CONFIRM
Type: Vendor Advisory
http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2012-03/

Source: BID
Type: UNKNOWN
56093

Source: CCN
Type: BID-56093
OTRS Email Body CVE-2012-4751 HTML Injection Vulnerability

Source: CONFIRM
Type: Exploit
http://znuny.com/assets/proof_of_concept_cve_2012-4751-znuny.py

Source: CCN
Type: ZSA-2012-03
An attacker could trick a logged in user to execute malicious java script code by sending a prepared email into OTRS

Source: CONFIRM
Type: UNKNOWN
http://znuny.com/en/#!/advisory/ZSA-2012-03

Source: XF
Type: UNKNOWN
otrs-email-body-xss(79451)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-18-2012]

Source: CCN
Type: Open Ticket Request System Web Site
IT Service Management Software - Free Open Source Help Desk - Problem Management System - Customer Interaction Software | OTRS

Vulnerable Configuration:

Configuration 1:

cpe:/a:otrs:otrs:2.4.0:beta1:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.0:beta2:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.0:beta3:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.0:beta4:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.0:beta5:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.0:beta6:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.5:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.7:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.8:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.9:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.10:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.11:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.12:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.13:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:2.4.14:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.2:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.3:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.4:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.5:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.6:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.7:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.8:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.9:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.10:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.11:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.12:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.13:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.14:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.15:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.16:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:otrs:otrs:3.1.0:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.1:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.2:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.3:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.4:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.5:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.6:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.7:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.8:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.9:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:otrs:otrs:2.4.14:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.0.16:*:*:*:*:*:*:*

OR cpe:/a:otrs:otrs:3.1.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20124751	V	CVE-2012-4751	2022-06-30
oval:org.opensuse.security:def:113077	P	otrs-3.3.16-37.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106514	P	Security update for apache2 (Important) (in QA)	2022-01-10
oval:org.mitre.oval:def:18996	P	DSA-2733-1 otrs2 - SQL injection	2014-06-23
oval:com.ubuntu.precise:def:20124751000	V	CVE-2012-4751 on Ubuntu 12.04 LTS (precise) - medium.	2012-10-22
oval:com.ubuntu.trusty:def:20124751000	V	CVE-2012-4751 on Ubuntu 14.04 LTS (trusty) - medium.	2012-10-22
oval:com.ubuntu.xenial:def:201247510000000	V	CVE-2012-4751 on Ubuntu 16.04 LTS (xenial) - medium.	2012-10-22
oval:com.ubuntu.xenial:def:20124751000	V	CVE-2012-4751 on Ubuntu 16.04 LTS (xenial) - medium.	2012-10-22