The target is running at least one instance of osTicket 1.2.7 or earlier. Such versions are subject to a denial of service attack in open.php if osTicket is configured to receive mails using aliases. If so, a remote attacker can generate a mail loop on the target by opening a ticket with the support address as the contact email address. For details, see : - http://www.osticket.com/forums/showthread.php?t=301 ***** OVS has determined the vulnerability exists on the target ***** simply by looking at the version number(s) of osTicket installed ***** there. It has no way of knowing which method osTicket uses to ***** retrieve mail.
Configure osTicket to receive mail using POP3.
- ZNC NULL Pointer Dereference Denial Of Service Vulnerability
- Sun VirtualBox or xVM VirtualBox Denial Of Service Vulnerability (Linux)
- Oracle VM VirtualBox Local Denial of Service Vulnerability-01 Oct2013 (Windows)
- ngIRCd SSL/TLS Support MOTD Request Multiple Denial Of Service Vulnerabilities
- TYPSoft FTP Server 'APPE' and 'DELE' Commands DOS Vulnerability