Описание
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
Комментарий
This vulnerability has been addressed by the following vendor update: http://trac.edgewall.org/wiki/TracDownload
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:edgewall_software:trac:0.10:*:*:*:*:*:*:*
cpe:2.3:a:edgewall_software:trac:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:edgewall_software:trac:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:edgewall_software:trac:0.10.3:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00444
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
ubuntu
больше 18 лет назад
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
debian
больше 18 лет назад
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...
EPSS
Процентиль: 62%
0.00444
Низкий
10 Critical
CVSS2
Дефекты
NVD-CWE-Other