CVE-2009-4405 [High] | Security Vulnerability in Trac

Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	1.12%	0.57%	-0.55%
2	2025-03-29	0.57%	1.12%	+0.55%
3	2025-03-17	—	0.57%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

1.12%

0.57%

-0.55%

2025-03-29

0.57%

1.12%

+0.55%

2025-03-17

—

0.57%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.5	2.0	HIGH	`AV:N/AC:L/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	10.0	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.5

2.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

10.0

6.4

[email protected]

OS Trackers for CVE-2009-4405

vendor	priority	summary	link
`debian`	low	CVE-2009-4405 low priority: Debian including 1 source packages (trac), 2 status rows across 2 suites (sid, trixie): resolved 2.	https://security-tracker.debian.org/tracker/CVE-2009-4405
`ubuntu`	low	CVE-2009-4405 low priority: Ubuntu including 1 source packages (trac), 10 status rows across 10 suites (dapper, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 4, ignored 3, released 3.	https://ubuntu.com/security/CVE-2009-4405

Affected software / configurations for CVE-2009-4405

Vendor	Product	Version	Raw CPE
edgewall	trac	<= 0.11.5	cpe:2.3:a:edgewall:trac::::::::
edgewall	trac	0.5	cpe:2.3:a:edgewall:trac:0.5:::::::*
edgewall	trac	0.5.1	cpe:2.3:a:edgewall:trac:0.5.1:::::::*
edgewall	trac	0.5.2	cpe:2.3:a:edgewall:trac:0.5.2:::::::*
edgewall	trac	0.6	cpe:2.3:a:edgewall:trac:0.6:::::::*
edgewall	trac	0.6.1	cpe:2.3:a:edgewall:trac:0.6.1:::::::*
edgewall	trac	0.7	cpe:2.3:a:edgewall:trac:0.7:::::::*
edgewall	trac	0.7.1	cpe:2.3:a:edgewall:trac:0.7.1:::::::*
edgewall	trac	0.8	cpe:2.3:a:edgewall:trac:0.8:::::::*
edgewall	trac	0.8.1	cpe:2.3:a:edgewall:trac:0.8.1:::::::*
edgewall	trac	0.8.2	cpe:2.3:a:edgewall:trac:0.8.2:::::::*
edgewall	trac	0.8.3	cpe:2.3:a:edgewall:trac:0.8.3:::::::*
edgewall	trac	0.8.4	cpe:2.3:a:edgewall:trac:0.8.4:::::::*
edgewall	trac	0.9	cpe:2.3:a:edgewall:trac:0.9:::::::*
edgewall	trac	0.9.1	cpe:2.3:a:edgewall:trac:0.9.1:::::::*
edgewall	trac	0.9.2	cpe:2.3:a:edgewall:trac:0.9.2:::::::*
edgewall	trac	0.9.3	cpe:2.3:a:edgewall:trac:0.9.3:::::::*
edgewall	trac	0.9.4	cpe:2.3:a:edgewall:trac:0.9.4:::::::*
edgewall	trac	0.9.5	cpe:2.3:a:edgewall:trac:0.9.5:::::::*
edgewall	trac	0.9.6	cpe:2.3:a:edgewall:trac:0.9.6:::::::*
edgewall	trac	0.10	cpe:2.3:a:edgewall:trac:0.10:::::::*
edgewall	trac	0.10	cpe:2.3:a:edgewall:trac:0.10:beta1::::::
edgewall	trac	0.10	cpe:2.3:a:edgewall:trac:0.10:rc1::::::
edgewall	trac	0.10.1	cpe:2.3:a:edgewall:trac:0.10.1:::::::*
edgewall	trac	0.10.2	cpe:2.3:a:edgewall:trac:0.10.2:::::::*
edgewall	trac	0.10.3	cpe:2.3:a:edgewall:trac:0.10.3:::::::*
edgewall	trac	0.10.3	cpe:2.3:a:edgewall:trac:0.10.3:rc1::::::
edgewall	trac	0.10.3.1	cpe:2.3:a:edgewall:trac:0.10.3.1:::::::*
edgewall	trac	0.10.4	cpe:2.3:a:edgewall:trac:0.10.4:::::::*
edgewall	trac	0.10.5	cpe:2.3:a:edgewall:trac:0.10.5:::::::*
edgewall	trac	0.11	cpe:2.3:a:edgewall:trac:0.11:::::::*
edgewall	trac	0.11	cpe:2.3:a:edgewall:trac:0.11:b1::::::
edgewall	trac	0.11	cpe:2.3:a:edgewall:trac:0.11:b2::::::
edgewall	trac	0.11	cpe:2.3:a:edgewall:trac:0.11:rc1::::::
edgewall	trac	0.11	cpe:2.3:a:edgewall:trac:0.11:rc2::::::
edgewall	trac	0.11.1	cpe:2.3:a:edgewall:trac:0.11.1:::::::*
edgewall	trac	0.11.2	cpe:2.3:a:edgewall:trac:0.11.2:::::::*
edgewall	trac	0.11.2.1	cpe:2.3:a:edgewall:trac:0.11.2.1:::::::*
edgewall	trac	0.11.3	cpe:2.3:a:edgewall:trac:0.11.3:::::::*
edgewall	trac	0.11.4	cpe:2.3:a:edgewall:trac:0.11.4:::::::*
edgewall	trac	0.11.4	cpe:2.3:a:edgewall:trac:0.11.4:rc1::::::
edgewall	trac	0.11.4	cpe:2.3:a:edgewall:trac:0.11.4:rc2::::::
edgewall	trac	0.11.5	cpe:2.3:a:edgewall:trac:0.11.5:rc1::::::
edgewall	trac	0.11.5	cpe:2.3:a:edgewall:trac:0.11.5:rc2::::::
edgewall	trac	0.50.9	cpe:2.3:a:edgewall:trac:0.50.9:::::::*

References for CVE-2009-4405

URL	Tags
http://secunia.com/advisories/37807	Vendor Advisory
http://secunia.com/advisories/37901	Vendor Advisory
http://trac.edgewall.org/browser/tags/trac-0.11.6/RELEASE
http://www.vupen.com/english/advisories/2009/3615	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=542394
https://exchange.xforce.ibmcloud.com/vulnerabilities/54983
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01169.html

URL

CVE-2009-4405

Exploit prediction scoring system (EPSS) score for CVE-2009-4405

Common vulnerability scoring system (CVSS) metrics for CVE-2009-4405

Weakness enumeration for CVE-2009-4405

GitHub Security Advisory for CVE-2009-4405

OS Trackers for CVE-2009-4405

Affected software / configurations for CVE-2009-4405

References for CVE-2009-4405