FKIE_CVE-2009-4405

Vulnerability from fkie_nvd - Published: 2009-12-23 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."
References
cve@mitre.orghttp://secunia.com/advisories/37807Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/37901Vendor Advisory
cve@mitre.orghttp://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/3615Vendor Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=542394
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/54983
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37807Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/37901Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/3615Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=542394
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/54983
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html
Impacted products
Vendor Product Version
edgewall trac *
edgewall trac 0.5
edgewall trac 0.5.1
edgewall trac 0.5.2
edgewall trac 0.6
edgewall trac 0.6.1
edgewall trac 0.7
edgewall trac 0.7.1
edgewall trac 0.8
edgewall trac 0.8.1
edgewall trac 0.8.2
edgewall trac 0.8.3
edgewall trac 0.8.4
edgewall trac 0.9
edgewall trac 0.9.1
edgewall trac 0.9.2
edgewall trac 0.9.3
edgewall trac 0.9.4
edgewall trac 0.9.5
edgewall trac 0.9.6
edgewall trac 0.10
edgewall trac 0.10
edgewall trac 0.10
edgewall trac 0.10.1
edgewall trac 0.10.2
edgewall trac 0.10.3
edgewall trac 0.10.3
edgewall trac 0.10.3.1
edgewall trac 0.10.4
edgewall trac 0.10.5
edgewall trac 0.11
edgewall trac 0.11
edgewall trac 0.11
edgewall trac 0.11
edgewall trac 0.11
edgewall trac 0.11.1
edgewall trac 0.11.2
edgewall trac 0.11.2.1
edgewall trac 0.11.3
edgewall trac 0.11.4
edgewall trac 0.11.4
edgewall trac 0.11.4
edgewall trac 0.11.5
edgewall trac 0.11.5
edgewall trac 0.50.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C9315F-4599-42C7-AC2E-733B355BEF07",
              "versionEndIncluding": "0.11.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F11B74FE-2B9D-4176-BF9E-BE5EC720DC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "121CD1BA-66FA-43AF-BD0B-719A229FE7E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB7A12F-E8C3-409F-B66D-D9B79EE3F549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D1B7C9-6DCD-44AC-8F5B-8878B8B10D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DFE4AC5-5C01-409E-B601-7C26841206CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75438665-AB66-43B6-B3D4-7A230527C6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D8B6DDB-89C3-48F9-9BE2-510B2696CB10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F831B0E9-14FE-48CD-AD00-1C8F00CDD61D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "893346E1-E58C-40F9-B8D5-1C1579D3E547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9DAE9AC-7A24-4580-ABFF-B3B83EEDDF64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "47BB8FD4-B24A-402C-ADFB-5ADCE2E99E59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E0ED65-3794-44A5-AD41-79FB276ACEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C8DD1C3-C397-4CB9-A6DD-CFD9A8E05695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE3E736-75ED-4E6C-98EA-CFF9D656418E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB6BAD72-2E76-494A-964A-DA82D639E309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF045F1D-DD6A-4457-9D5E-CAB04440695C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "922F5FF9-3082-42B0-90A9-FD5874692BC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD3A7066-6CDA-4D9B-A98F-27DC2F3E0E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFCA3DBA-DA22-48A4-9F63-0D7DD50E9FA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E53BEE2-6B7A-4A35-8930-1BCFBA9F6369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "7B815335-9AFD-4704-B32C-DC4A1732741F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "F1DA9D02-915B-44E9-B9EC-D204C6CA3BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "28456B13-5080-469E-A5E5-9B65D4753B7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B51A70-0C29-41C5-93D5-D97FA41B82A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EFF8790-E56A-4384-936B-06DCA949F128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.3:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A9F145F7-35D6-45A4-89EA-CC6801AFB690",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9C5B39-406D-49A5-AB32-900A206EF0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B26D34-4DF7-4686-A8F8-2229B80CA521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2140669-7B08-48EF-B794-941302E0AB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D51B5326-F1E1-451B-9C57-5CCB21769150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11:b1:*:*:*:*:*:*",
              "matchCriteriaId": "C24EBF9D-45E5-420A-B8D6-B2DF7695C426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11:b2:*:*:*:*:*:*",
              "matchCriteriaId": "56FE11BC-B8AB-4B3C-9FB6-AC45C85BDFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E644A7BC-56B1-49EF-A077-58E2A75FCBAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "5F4D92DA-EEC8-4872-BBF7-2DC4E32AA6E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA733A05-8141-41EE-9149-E38EB90B834F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95AC79AD-4A96-4715-9DF5-D29243483A2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "931CA41D-A60E-48B6-B983-534AF590678F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78CD186E-9D7B-4C34-88ED-D4E5611E5551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8ED52D2-52DC-4305-8428-779A172268D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "CCF10D58-9333-4FF7-9B80-B4207DCB6F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "0114B61B-68B7-4D9E-B6D7-0104DAF38723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.5:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "94FA4D47-C110-4695-AC11-BA522E5AAD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.11.5:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E1B9C626-3AA7-4850-AD81-459CE645C614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:edgewall:trac:0.50.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4434EB37-9681-43F8-A369-8B0CA100CCF5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) \"policy checks in report results when using alternate formats\" or (2) a \"check for the \u0027raw\u0027 role that is missing in docutils \u003c 0.6.\""
    },
    {
      "lang": "es",
      "value": "M\u00fatiples vulnerabilidades no especificadas en Trac versiones anteriores a v0.11.6 tienen impacto y vectores de ataque desconocidos, posiblemente relacionados con (1) \"verificaciones de pol\u00edticas en informes de resultados cuando se usan formatos alternativos\" o (2) una \"verificaci\u00f3n para el role \u0027raw\u0027 que no se encuentra en docutils \u003c 0.6\"."
    }
  ],
  "id": "CVE-2009-4405",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-23T21:30:00.217",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37807"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3615"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542394"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54983"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37807"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/3615"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.