CVE-2007-1406
Published 2007-03-10
Priority P4 · 30 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 1.34% (67.8th percentile)
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | trac | < trac 0.10.4-1 (sid) | trac 0.10.4-1 (sid) |
| edgewall_software | trac | — | — |
| edgewall_software | trac | — | — |
| edgewall_software | trac | — | — |
| edgewall_software | trac | — | — |
| edgewall_software | trac | >= 0 < 0.10.4-1 | 0.10.4-1 |
| edgewall_software | trac | >= 0 < 0.10.3.1 | 0.10.3.1 |
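CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_debian | — | 10.0 | CRITICAL | — |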
Debian
CVE-2007-1406: trac - Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying ...
vendor_debian·2007·CVSS 10.0
CVE-2007-1406 [CRITICAL] CVE-2007-1406: trac - Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying ...
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
Scope: local
sid: resolved (fixed in 0.10.4-1)
trixie: resolved (fixed in 0.10.4-1)
GHSA
Trac missing Content-Disposition HTTP header
ghsa·2022-05-01
CVE-2007-1406 [MEDIUM] Trac missing Content-Disposition HTTP header
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
OSV
Trac missing Content-Disposition HTTP header
osv·2022-05-01
CVE-2007-1406 [MEDIUM] Trac missing Content-Disposition HTTP header
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
OSV
CVE-2007-1406: Trac before 0
osv·2007-03-10·CVSS 10.0
CVE-2007-1406 [CRITICAL] CVE-2007-1406: Trac before 0
Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2007-03-10