CVE-2007-1406

Опубликовано: 10 мар. 2007

Источник: debian

Описание

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
trac	fixed	0.10.3-1etch1	etch	package
trac	fixed	0.10.4-1		package

Примечания

Browser bug, only exploitable on IE, still fixed in a point release

Связанные уязвимости

CVE-2007-1406

ubuntu

почти 19 лет назад

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

CVE-2007-1406

nvd

почти 19 лет назад

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

GHSA-7jjr-3r8r-9pcf

CVSS3: 5.3

github

почти 4 года назад

Trac missing Content-Disposition HTTP header