CVE-2008-2951

MEDIUM

Edgewall Trac < 0.10.5 - Open Redirect

Title source: rule

Description

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

References (8)

[Broken Link] http://holisticinfosec.org/content/view/72/45/

[Broken Link, Vendor Advisory] http://secunia.com/advisories/31314

[Release Notes] http://trac.edgewall.org/wiki/ChangeLog

[Broken Link] http://www.osvdb.org/46513

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30402

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44043

[Mailing List] https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html

[Mailing List] https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html

Scores

CVSS v3 6.1

EPSS 0.0060

EPSS Percentile 69.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-601

Status draft

Affected Products (4)

edgewall/trac < 0.10.5

fedoraproject/fedora

pypi/trac < 0.10.5PyPI

Timeline

Published Jul 27, 2008

Tracked Since Feb 18, 2026