CVE-2007-1406

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1820%

EPSS Percentile7.67th

PublishedMar 10, 2007

Last ModifiedApr 23, 2026

Vulnerability Description

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.

Affected Platforms (CPE)

📦

Edgewall Software

Trac

= 0.10

📦

Edgewall Software

Trac

= 0.10.1

📦

Edgewall Software

Trac

= 0.10.2

📦

Edgewall Software

Trac

= 0.10.3

References & Advisories

🔗 http://trac.edgewall.org/wiki/ChangeLog

Related Vulnerabilities

CVE-2019-10030678.8

Jenkins Trac Publisher Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewe...

CVE-2005-40657.5

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL co...

CVE-2005-39807.5

SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execut...

CVE-2006-58787.5

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized ...