[VIM] CVE-2005-4003 - ASPS - description identifies wrong bug type
security curmudgeon
jericho at attrition.org
Fri Feb 10 22:18:17 EST 2006
: Some VDBs have mentioned both XSS and SQL injection as vectors. While
: the issue smells like it could be both (e.g. SQL injection enabling XSS
: in error messages), it could be that these VDBs mentioned the SQL
: injection due to CVE's mistaken description. The only original source
: information I have is XSS.
:
: ======================================================
: Name: CVE-2005-4003
: Status: Candidate
: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4003
: Reference: MISC:http://pridels.blogspot.com/2005/12/asps-shopping-cart-professional-and.html
: Reference: BID:15694
: Reference: URL:http://www.securityfocus.com/bid/15694
The blog has no mention of SQL still, and BID covers XSS. Know off hand
which VDBs picked up or reported the SQL issue?