[VIM] Clarification on WikkaWikki RSS feed severity (CVE-2007-2552)
Steven M. Christey
coley at mitre.org
Wed May 9 20:20:50 UTC 2007
CVE-2007-2552, and some related references, originally claimed that
the contents of private feeds could be read via RSS feeds. CVE's
description was based on a vendor change item that said "You can see
pages you normally can't see on Recent changes page by reading the
rss-feed."
Today, the vendor contacted CVE through NVD, stating:
> The sense of the original bug report (http://wush.net/trac/wikka/
> ticket/305) is the following. Prior to WikkaWiki 1.1.6.3, users
> could access through the recentchanges feed the *name* (and the
> optional revision note and revision date) of a private page, not the
> *content* of this page.
followed by a trace of the error cascade and the usual critique
against VDBs for not contacting them to double-check.
- Steve
More information about the VIM
mailing list