CVE-2008-2951

EPSS 0.6%
Veröffentlicht 27.07.2008 22:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Edgewall ≫ Trac Version < 0.10.5

Fedoraproject ≫ Fedora Version8

Fedoraproject ≫ Fedora Version9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.669

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

http://trac.edgewall.org/wiki/ChangeLog

Release Notes

http://holisticinfosec.org/content/view/72/45/

Broken Link

http://secunia.com/advisories/31314

Vendor Advisory

Broken Link

http://www.osvdb.org/46513

Broken Link

http://www.securityfocus.com/bid/30402

Third Party Advisory

Broken Link

VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/44043

Third Party Advisory

VDB Entry

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2008-2951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2951

EUVD