Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2951

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2008-2951
Last Modified 01 Mar 2010 12:00:00
Published 27 Jul 2008 06:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2951

Summary

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

Vulnerable Systems

Application

  • Trac 0.10

  • Trac 0.10.1

  • Trac 0.10.2

  • Trac 0.10.3

  • Trac 0.10.3.1

  • Trac 0.10.4

  • Trac 0.5

  • Trac 0.5.1

  • Trac 0.5.2

  • Trac 0.6

  • Trac 0.6.1

  • Trac 0.7

  • Trac 0.7.1

  • Trac 0.8

  • Trac 0.8.1

  • Trac 0.8.2

  • Trac 0.8.3

  • Trac 0.8.4

  • Trac 0.9

  • Trac 0.9.1

  • Trac 0.9.2

  • Trac 0.9.3

  • Trac 0.9.4

  • Trac 0.9.5

  • Trac 0.9.6


References

FEDORA - FEDORA-2008-6833

FEDORA - FEDORA-2008-6830

XF - trac-quickjump-uri-redirect(44043)

BID - 30402

OSVDB - 46513

CONFIRM - http://trac.edgewall.org/wiki/ChangeLog

SECUNIA - 31314

MISC - http://holisticinfosec.org/content/view/72/45/


Last Updated: 27 May 2016 10:48:02