| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.GSO.4.51.0708161826060.11684@faron.mitre.org> Date: Thu, 16 Aug 2007 19:18:55 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Pranay Kanwar <warl0ck@...aeye.org> Cc: full-disclosure@...ts.grok.org.uk, "Steven M. Christey" <coley@...re.org>, websecurity@...appsec.org Subject: Re: SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability On Fri, 17 Aug 2007, Pranay Kanwar wrote: > Frankly i now feel, that its not SecNiche's fault entirely, it has got a > lot of encouragement from its past invalid and absurd claims. > > Such as > > _JWIG Context Dependent Template Calling Denial of Service Vulnerability._ > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3816 > http://www.securityfocus.com/bid/24974 > http://xforce.iss.net/xforce/xfdb/35515 I characterized this as a design limitation that could become an issue in applications that are written using JWIG, not JWIG itself: http://seclists.org/fulldisclosure/2007/Jul/0580.html Yet nobody followed up on this to dispute my assessment or agree with it. What is your opinion? > Also i am pretty sure the above links will stay forever and i don't suppose i > have to explain why. The CVEs will remain as a record of a report that was heavily disputed; unlike other vuln DBs, CVE and OSVDB don't just erase records when an issue is disputed. We want a provable resolution to such disputes, if one ever arises. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists