Trac Quickjump Function URI Redirection Vulnerability

Bugtraq ID:	30402
Class:	Input Validation Error
CVE:	CVE-2008-2951
Remote:	Yes
Local:	No
Published:	Jul 28 2008 12:00AM
Updated:	Apr 13 2015 10:25PM
Credit:	Russ McRee
Vulnerable:	Trac Trac 0.10.4 Trac Trac 0.10.3 Trac Trac 0.9.6 Trac Trac 0.9.5 Trac Trac 0.9.4 Nortel Networks VPN Router 1010 0.9.3
Not Vulnerable:	Trac Trac 0.10.5

Trac Quickjump Function URI Redirection Vulnerability

Trac is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing-style attacks.

Versions prior to Trac 0.10.5 are vulnerable.

Trac Quickjump Function URI Redirection Vulnerability

An attacker can exploit this issue by enticing an unsuspecting victim into following a malicious URI.

Trac Quickjump Function URI Redirection Vulnerability

Solution:
The vendor has released Trac 0.10.5 to address this issue. Please see the references for more information.


Trac Trac 0.10.3

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Trac Trac 0.10.4

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Nortel Networks VPN Router 1010 0.9.3

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Trac Trac 0.9.4

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Trac Trac 0.9.5

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Trac Trac 0.9.6

• Trac trac-0.10.5.tar.gz
  http://ftp.edgewall.com/pub/trac/trac-0.10.5.tar.gz

Trac Quickjump Function URI Redirection Vulnerability

References:

• Trac Changelog (Trac)
  
• Trac Homepage (Trac)