[VIM] Clarification on WikkaWiki RSS feed severity (CVE-2007-2552)

Steven M. Christey coley at mitre.org
Wed May 9 20:20:50 UTC 2007


CVE-2007-2552, and some related references, originally claimed that
the contents of private feeds could be read via RSS feeds.  CVE's
description was based on a vendor change item that said "You can see
pages you normally can't see on Recent changes page by reading the
rss-feed."

Today, the vendor contacted CVE through NVD, stating:

> The sense of the original bug report
> (http://wush.net/trac/wikka/ticket/305) is the following. Prior to
> WikkaWiki 1.1.6.3, users could access through the recentchanges feed
> the *name* (and the optional revision note and revision date) of a
> private page, not the *content* of this page.

followed by a trace of the error cascade and the usual critique
against VDBs for not contacting them to double-check.

- Steve

