CVE-2007-1406 Information

Description

Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain \unsafe\ situations which has unknown impact and remote attack vectors.

Reference

http://trac.edgewall.org/wiki/ChangeLog