CVE-2008-2951 - OpenCVE

Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Edgewall	Trac
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:8:::::::*
	cpe:2.3:o:fedoraproject:fedora:9:::::::*

References

Link	Resource
http://holisticinfosec.org/content/view/72/45/	Broken Link
http://secunia.com/advisories/31314	Broken Link Vendor Advisory
http://trac.edgewall.org/wiki/ChangeLog	Release Notes
http://www.osvdb.org/46513	Broken Link
http://www.securityfocus.com/bid/30402	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/44043	Third Party Advisory VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html	Mailing List
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html	Mailing List

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-07-27T22:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-06-30T00:00:00

Link: CVE-2008-2951

JSON object: View

NVD Information

Status : Analyzed

Published: 2008-07-27T22:41:00.000

Modified: 2024-02-09T02:30:37.427

Link: CVE-2008-2951

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-30T00:00:00", "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2008-6833", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"}, {"name": "46513", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/46513"}, {"name": "FEDORA-2008-6830", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"}, {"name": "trac-quickjump-uri-redirect(44043)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44043"}, {"name": "30402", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30402"}, {"name": "31314", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31314"}, {"tags": ["x_refsource_MISC"], "url": "http://holisticinfosec.org/content/view/72/45/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.edgewall.org/wiki/ChangeLog"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2008-6833", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"}, {"name": "46513", "refsource": "OSVDB", "url": "http://www.osvdb.org/46513"}, {"name": "FEDORA-2008-6830", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"}, {"name": "trac-quickjump-uri-redirect(44043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44043"}, {"name": "30402", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30402"}, {"name": "31314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31314"}, {"name": "http://holisticinfosec.org/content/view/72/45/", "refsource": "MISC", "url": "http://holisticinfosec.org/content/view/72/45/"}, {"name": "http://trac.edgewall.org/wiki/ChangeLog", "refsource": "CONFIRM", "url": "http://trac.edgewall.org/wiki/ChangeLog"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2951", "datePublished": "2008-07-27T22:00:00", "dateReserved": "2008-06-30T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6C4CEF3-92F7-4344-9833-7CBCEF16E94F", "versionEndExcluding": "0.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function."}, {"lang": "es", "value": "Una vulnerabilidad de Redireccionamiento Abierto en el script de b\u00fasqueda en Trac anterior a versi\u00f3n 0.10.5, permite a los atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing por medio de una URL en el par\u00e1metro q, posiblemente relacionada con la funci\u00f3n quickjump."}], "id": "CVE-2008-2951", "lastModified": "2024-02-09T02:30:37.427", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2008-07-27T22:41:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://holisticinfosec.org/content/view/72/45/"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/31314"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "http://trac.edgewall.org/wiki/ChangeLog"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.osvdb.org/46513"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/30402"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44043"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}