1. CVE-Search
  2. CVE-2006-5878
ID CVE-2006-5878
Summary Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. This vulnerability is addressed in the following product release: Edgewall Software, Trac, 0.10.1
References
Vulnerable Configurations
  • cpe:2.3:a:edgewall_software:trac:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9b1:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9b1:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.9b2:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.9b2:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:*:*:*:*:*:*:*:*
  • cpe:2.3:a:edgewall_software:trac:0.50.9:*:*:*:*:*:*:*
    cpe:2.3:a:edgewall_software:trac:0.50.9:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:34)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm http://trac.edgewall.org/wiki/ChangeLog
debian DSA-1209
gentoo GLSA-200612-14
misc http://trac.edgewall.org/ticket/4049
secunia
  • 22789
  • 22868
  • 23357
vupen ADV-2006-4422
xf trac-unspecified-csrf(30146)
Last major update 20-07-2017 - 01:34
Published 14-11-2006 - 19:07
Last modified 20-07-2017 - 01:34
Back to Top