[VIM] Minimizing error cascades in vulnerability information management
George A. Theall
theall at tenablesecurity.com
Tue Nov 7 16:02:32 EST 2006
Steven M. Christey wrote:
> Most of the recent disclosures for a WebSphere XSS issue
> (CVE-2006-2431) mention the "faultfactor" element, including the NISCC
> report, the ProCheckUp announcement, and various vulnerability
> databases.
>
> However, ProCheckUp's announcement also shows the vulnerable output:
>
> <faultactor>
>
> i.e., "actor" not "factor".
And while we're on the subject, I noticed that both SecurityFocus and
Secunia claim incorrectly that the issue is resolved with Cumulative Fix
10 for the 5.1 series. [CVE doesn't mention that 5.1 is affected; it
is.] The fix was meant to be included in that Fix but didn't actually
make it until Cumulative Fix 12; i.e., see:
http://www-1.ibm.com/support/search.wss?rs=0&q=PK26181&apar=only
I did verify that Cumulative Fix 12 did indeed correct the problem.
George
--
theall at tenablesecurity.com