CVE-2008-7281 Information

Description

Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.

Reference

http://bugs.otrs.org/show_bug.cgi?id=1882 http://bugs.otrs.org/show_bug.cgi?id=2814 http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807