| Vulnerability Name: | CVE-2006-5878 (CCN-30146) | ||||||||
| Assigned: | 2006-11-09 | ||||||||
| Published: | 2006-11-09 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. This vulnerability is addressed in the following product release: Edgewall Software, Trac, 0.10.1 | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-5848 Source: MITRE Type: CNA CVE-2006-5878 Source: CCN Type: Trac Web site The Trac Project - Trac Source: CCN Type: SA22789 Trac Cross-Site Request Forgery Vulnerability Source: SECUNIA Type: UNKNOWN 22789 Source: SECUNIA Type: UNKNOWN 22868 Source: SECUNIA Type: UNKNOWN 23357 Source: GENTOO Type: UNKNOWN GLSA-200612-14 Source: MISC Type: UNKNOWN http://trac.edgewall.org/ticket/4049 Source: CCN Type: The Trac Project Web site ChangeLog Source: CONFIRM Type: Patch http://trac.edgewall.org/wiki/ChangeLog Source: DEBIAN Type: Patch DSA-1209 Source: DEBIAN Type: DSA-1209 trac -- cross-site request forgery Source: CCN Type: GLSA-200612-14 Trac: Cross-site request forgery Source: CCN Type: OSVDB ID: 30129 Trac Unspecified CSRF Source: VUPEN Type: UNKNOWN ADV-2006-4422 Source: XF Type: UNKNOWN trac-unspecified-csrf(30146) Source: XF Type: UNKNOWN trac-unspecified-csrf(30146) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||