Red Hat Bugzilla – Bug 439932
CVE-2008-1515 otrs SOAP authentications allows to get remote access without valid SOAP user
Last modified: 2008-04-24 07:17:11 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1515 to the following vulnerability:
SOAP authentications allows to get remote access without valid SOAP user
Missing security checks allow remote SOAP connections to get access
to OTRS without valid SOAP user.
This vulnerability allows a remote attacker to read and modify objects
via the OTRS SOAP interface.
Affected by this vulnerability are all releases of OTRS 2.1.0 up
to and including 2.2.5.
This vulnerability is fixed in OTRS 2.1.8 and OTRS 2.2.6.
As a workaround you can remove the file bin/cgi-bin/rpc.pl or
update bin/cgi-bin/rpc.pl from CVS to version 1.6.
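An added example, not part of the original bug report or of OTRS: a shell triage of an OTRS tree using the version ranges and the rpc.pl workaround quoted above. It assumes rpc.pl carries a CVS `$Id` keyword line and takes the OTRS home directory and upstream version as arguments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not OTRS or Red Hat code): triage an OTRS tree for CVE-2008-1515.

# Return 0 if upstream version $1 is in an affected range per the advisory:
# 2.1.0-2.1.7 or 2.2.0-2.2.5 (fixed in 2.1.8 and 2.2.6).
otrs_version_affected() {
    ver=${1%%[!0-9.]*}            # drop suffixes such as "-4.fc7"
    old_ifs=$IFS; IFS=.
    set -- $ver                   # split into major, minor, patch
    IFS=$old_ifs
    [ "${1:-0}" -eq 2 ] || return 1
    case ${2:-0} in
        1) [ "${3:-0}" -le 7 ] ;;
        2) [ "${3:-0}" -le 5 ] ;;
        *) return 1 ;;
    esac
}

# Print the state of bin/cgi-bin/rpc.pl under OTRS home $1.
# ASSUMPTION: the file carries a CVS "$Id: rpc.pl,v 1.N ..." keyword line.
# Branch revisions (1.N.x.y) or a missing keyword are reported as "unknown".
rpc_pl_status() {
    f="$1/bin/cgi-bin/rpc.pl"
    [ -e "$f" ] || { echo removed; return 0; }
    rev=$(sed -n 's/.*\$Id: rpc\.pl,v \([0-9][0-9.]*\) .*/\1/p' "$f" | head -n 1)
    n=${rev#1.}
    case $rev in 1.*) ;; *) echo unknown; return 0 ;; esac
    case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$n" -ge 6 ]; then echo updated; else echo outdated; fi
}

# Combine both checks. Args: OTRS home directory, upstream version string.
otrs_soap_exposure() {
    status=$(rpc_pl_status "$1")
    case $status in removed|updated) echo "ok: rpc.pl $status"; return 0 ;; esac
    if ! otrs_version_affected "$2"; then
        echo "ok: version outside affected range"
    elif [ "$status" = outdated ]; then
        echo "exposed: affected version, rpc.pl older than 1.6"
    else
        echo "review: affected version, rpc.pl revision unknown"
    fi
}

# Command-line use: script.sh /path/to/otrs 2.2.5
if [ "$#" -eq 2 ]; then otrs_soap_exposure "$1" "$2"; fi
```

Packages such as the otrs-2.1.5-4.fc7 update in this bug keep an upstream version number inside the affected range, so the version check alone cannot clear them. Such a tree reports "review" unless a trunk revision of rpc.pl can be read from the file.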
otrs-2.1.5-4.fc7 has been submitted as an update for Fedora 7
otrs-2.1.5-4.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: