Search for vulnerabilities
Vulnerability details: VCID-1wpr-67nb-aaas
Vulnerability ID VCID-1wpr-67nb-aaas
Aliases CVE-2017-17476
Summary Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before 5.0.26, and 6.0.x before 6.0.3, when cookie support is disabled, might allow remote attackers to hijack web sessions and consequently gain privileges via a crafted email.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17476.html
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00870 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.00938 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
epss 0.01906 https://api.first.org/data/v1/epss?cve=CVE-2017-17476
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17476
generic_textual Medium https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
generic_textual Medium https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
generic_textual Medium https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2017-17476
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2017-17476
generic_textual Medium https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17476.html
https://api.first.org/data/v1/epss?cve=CVE-2017-17476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17476
https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
https://lists.debian.org/debian-lts-announce/2017/12/msg00018.html
https://www.debian.org/security/2017/dsa-4069
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
884801 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884801
cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:otrs:otrs:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVE-2017-17476 https://nvd.nist.gov/vuln/detail/CVE-2017-17476
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17476
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-17476
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.82848
EPSS Score 0.00870
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.