CVE-2008-2951

Опубликовано: 27 июл. 2008

Источник: nvd

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

Ссылки

http://holisticinfosec.org/content/view/72/45/
Broken Link
http://secunia.com/advisories/31314
Broken Link
Vendor Advisory
http://trac.edgewall.org/wiki/ChangeLog
Release Notes
http://www.osvdb.org/46513
Broken Link
http://www.securityfocus.com/bid/30402
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
Third Party Advisory
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
Mailing List
http://holisticinfosec.org/content/view/72/45/
Broken Link
http://secunia.com/advisories/31314
Broken Link
Vendor Advisory
http://trac.edgewall.org/wiki/ChangeLog
Release Notes
http://www.osvdb.org/46513
Broken Link
http://www.securityfocus.com/bid/30402
Broken Link
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44043
Third Party Advisory
VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html
Mailing List

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*

Версия до 0.10.5 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.006

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2008-2951

CVSS3: 6.1

ubuntu

больше 17 лет назад

CVE-2008-2951

CVSS3: 6.1

debian

больше 17 лет назад

Open redirect vulnerability in the search script in Trac before 0.10.5 ...

GHSA-rcmj-xp8f-f6q4

CVSS3: 6.1

github

почти 4 года назад

Trac Open Redirect vulnerability

EPSS

Процентиль: 69%

0.006

Низкий

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601