Trac quickjump Search Script q Parameter Arbitrary Site Redirect

Medium | Nessus Plugin ID 33271

Synopsis

The remote web server contains a Python script that is affected by a cross-site redirection vulnerability.

Description

The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects.

The version of Trac installed on the remote host fails to sanitize user input passed in the 'q' parameter of the 'search' script before using it, unfiltered, as a redirect target. An attacker may be able to use an open redirect such as this to trick people into visiting malicious sites, which could lead to phishing attacks, browser exploits, or drive-by malware downloads.
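The flaw above is an open redirect: a quickjump query reaches the redirect without being restricted to the local site. As an added example (not Trac's own code), the following Python shows a same-origin check that a quickjump-style handler can apply before redirecting; the base URL, resource prefixes and function names are assumptions.

```python
# Added example (not Trac's code): same-origin validation for a quickjump-style
# redirect. Anything that would leave the site falls back to the in-site
# search page instead of being used as a redirect target.
from urllib.parse import urlsplit, urljoin, quote

SITE_BASE = "https://trac.example.org/project/"   # assumed deployment base URL


def is_local_target(target: str, base: str = SITE_BASE) -> bool:
    """Return True only if `target` resolves to a URL under `base`."""
    if not target or any(c in target for c in "\r\n\x00"):
        return False            # reject header-injection characters outright
    # Protocol-relative ('//host') and backslash variants ('/\host') must fail.
    if target.startswith(("//", "/\\", "\\")):
        return False
    resolved = urlsplit(urljoin(base, target))   # absolute URLs stay absolute
    base_parts = urlsplit(base)
    if resolved.scheme != base_parts.scheme or resolved.netloc != base_parts.netloc:
        return False            # different scheme or host: not our site
    return resolved.path.startswith(base_parts.path)   # '../' escapes fail here


def quickjump_redirect(q: str, base: str = SITE_BASE) -> str:
    """Map a quickjump query to a redirect URL that never leaves the site."""
    if q.startswith("wiki:"):                  # e.g. 'wiki:WikiStart'
        candidate = "wiki/" + quote(q[len("wiki:"):], safe="")
    elif q.startswith("#") and q[1:].isdigit():   # e.g. '#42' -> ticket 42
        candidate = "ticket/" + q[1:]
    else:
        candidate = q                          # treat raw query as an in-site path
    if is_local_target(candidate, base):
        return urljoin(base, candidate)
    # Unsafe or external target: show search results rather than redirecting.
    return urljoin(base, "search?q=" + quote(q, safe=""))
```

The fallback keeps the user on the site, so a crafted 'q' value produces a search page rather than a redirect to a third-party host.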

Solution

Upgrade to Trac version 0.11.0 / 0.10.5 or later.

See Also

http://www.nessus.org/u?a7d63198

http://www.nessus.org/u?b3acece6

http://www.nessus.org/u?eefccce4

Plugin Details

Severity: Medium

ID: 33271

File Name: trac_quickjump_xsr.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 6/30/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2008-2951

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-2951

BID: 30402

CWE: 20