Date: Sat, 31 Jan 2015 22:05:36 -0500 (EST)
From: cve-assign@...re.org
To: felix@...but.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: RCE, XSS and HTTP header injection in fli4l web interface

For the "execute arbitrary programs" issues, can you provide specific
names for the vulnerability types, or any equivalent information?
Examples of vulnerability types can be found on the
https://www.owasp.org/index.php/Category:Vulnerability and
http://cwe.mitre.org web sites. The paragraphs about
include/cgi-helper and admin/pf.cgi aren't sufficient to determine the
number of CVE IDs. For example, if one allows a SQL injection attack,
and the other allows an attack with a ';' or other shell
metacharacters, then they would have different CVE IDs. If both are
about shell metacharacters, then they would have the same CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
