CVE-2007-1406 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2007-1406

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain unsafe situations, which has unknown impact and remote attack vectors.

Affected Software

Name	Vendor	Start Version	End Version
Trac	Edgewall_software	0.10 (including)	0.10 (including)
Trac	Edgewall_software	0.10.1 (including)	0.10.1 (including)
Trac	Edgewall_software	0.10.2 (including)	0.10.2 (including)
Trac	Edgewall_software	0.10.3 (including)	0.10.3 (including)
Trac	Ubuntu	dapper	*
Trac	Ubuntu	devel	*
Trac	Ubuntu	edgy	*
Trac	Ubuntu	feisty	*
Trac	Ubuntu	gutsy	*
Trac	Ubuntu	hardy	*
Trac	Ubuntu	intrepid	*
Trac	Ubuntu	jaunty	*
Trac	Ubuntu	karmic	*

References

http://trac.edgewall.org/wiki/ChangeLog
http://trac.edgewall.org/wiki/ChangeLog