CVE-2007-1406: Trac before 0.10.3.1 does not send a Content-Disposition HTTP header s ...

Severity: Critical

CVSS Score: 5.3

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.