Fedora 9 2008-6833
This script is Copyright (C) 2008-2010 Tenable Network Security, Inc.
| Family | Fedora Local Security Checks |
| Nessus Plugin ID | 33767 (fedora_2008-6833.nasl) |
| Bugtraq ID | |
| CVE ID | CVE-2008-2951, CVE-2008-3328 |
| Description: |
Synopsis :
The remote host is missing the patch for the advisory FEDORA-2008-6833.
Description :
Trac is an integrated system for managing software projects, an
enhanced wiki, a flexible web-based issue tracker, and an interface to
the Subversion revision control system. At the core of Trac lies an
integrated wiki and issue/bug database. Using wiki markup, all objects
managed by Trac can directly link to other issues/bug reports, code
changesets, documentation and files. Around the core lie other
modules, providing additional features and tools to make software
development more streamlined and effective.
Update Information:
Update to 0.10.5 to fix two non-critical security issues:
- CVE-2008-2951: Open redirect vulnerability in the search script in Trac
  before 0.10.5 allows remote attackers to redirect users to arbitrary web
  sites and conduct phishing attacks via a URL in the q parameter.
- CVE-2008-3328: Cross-site scripting (XSS) vulnerability in the wiki engine
  in Trac before 0.10.5 allows remote attackers to inject arbitrary web
  script or HTML via unknown vectors.
Solution :
Update the affected package(s) using, for example, 'yum update'.
Risk factor :
Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)