|
|
 |
| New User, Welcome! Login |
Re: iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability
| From: |
security curmudgeon <jericho attrition org> |
| To: |
bugtraq securityfocus com |
| Cc: |
secalert_us oracle com, CVE <cve mitre org> |
| Subject: |
Re: iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration Server login.php Command Injection Vulnerability |
| Date: |
Wed - Jan 14, 2009 10:51 PM |
iDefense, CVE or Oracle;
The two iDefense advisories present a bit of confusion over the CVE
assignments and number of vulnerabilities. There appear to be two
vulnerabilities (login.php and common.php) that may have 3 CVE numbers
assigned. Could anyone clarify?
First advisory, mail list post and original jibe suggesting common.php
issue is CVE-2008-5449:
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0111.html
The vulnerability is in a function of common.php which is called from the
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-5449 to this issue.
Oracle Secure Backup Administration Server login.php Command Injection
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=769
The vulnerability is in a function of common.php which is called from the
login.php page.
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-5449 to this issue.
Second advisory, mail list post and original do not match, mentioning
CVE-2008-4006 and then CVE-2008-5448 for what appear to be login.php and
common.php. This implies that common.php may have had two CVE assigned:
iDefense Security Advisory 01.13.09: Oracle Secure Backup Administration
Server login.php Command Injection Vulnerability
http://archives.neohapsis.com/archives/bugtraq/2009-01/0110.html
The first vulnerability is in "php/login.php".
The second vulnerability is in "php/common.php".
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2008-4006 to this issue.
Oracle Secure Backup Administration Server login.php Command Injection
Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=768
The first vulnerability is in "php/login.php".
The second vulnerability is in "php/common.php".
The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CVE-2008-4006 and CVE-2008-5448 to this issue.
Any clarification would be appreciated.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
