Fedora 9 : trac-0.10.5-1.fc9 (2008-6833)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

Update to 0.10.5 to fix two non-critical security issues:
CVE-2008-2951: Open redirect vulnerability in the search script in
Trac before 0.10.5 allows remote attackers to redirect users to
arbitrary websites and conduct phishing attacks via a URL in the q
parameter. CVE-2008-3328: Cross-site scripting (XSS) vulnerability in
the wiki engine in Trac before 0.10.5 allows remote attackers to
inject arbitrary web script or HTML via unknown vectors.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=456874
http://www.nessus.org/u?415e70af

Solution :

Update the affected trac package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 33767 (fedora_2008-6833.nasl)

Bugtraq ID: 30400
30402

CVE ID: CVE-2008-2951
CVE-2008-3328

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now