Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 7 Dec 2010 14:58:32 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: vanilla forums before 2.0.10, xss


----- "Steven M. Christey" <coley@...us.mitre.org> wrote:
> >
> > As for the "linkbait" issue, I have no clue. Nothing in git seems to
> > point at that.
> >
> > Steve, does MITRE have a precedent for such a thing?
> 
> The vendor is calling it a "vulnerability" which is good enough to assign
> a CVE to, as a different vuln type than XSS.
> 
> My guess is that it's open redirect, which is used to redirect users away
> from the site towards spam or malware.  Just a guess, though.
> 

Let's use CVE-2010-4266 then.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ