CVE-2017-17476 in Ubuntu

CVE-2017-17476

Priority

Description

Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26,
and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote
attackers to hijack web sessions and consequently gain privileges via a
crafted email.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17476
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884801

Notes

Package

Source: otrs2 (LP Ubuntu Debian)

Upstream:	released (6.0.3-1)
Ubuntu 18.04 LTS:	not-affected (6.0.3-1)
Ubuntu 20.04 LTS:	not-affected (6.0.3-1)
Ubuntu 21.10:	not-affected (6.0.3-1)
Ubuntu 22.04 LTS:	not-affected (6.0.3-1)
Ubuntu 14.04 ESM:	DNE (trusty was needed)

Patches:

More Information

Updated: 2022-06-10 14:01:03 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)