[VIM] CVE-2009-4006
Steven M. Christey
coley at linus.mitre.org
Wed Dec 9 16:38:15 UTC 2009
On Wed, 9 Dec 2009, Carsten H. Eiram wrote:
> I just noticed that the NVD CVSS2 score sets "Au:S". That is incorrect -
> no authentication is required.
That means no change is necessary to the raw CVE description, although I'm
starting to think it might be good for us to do a better job of
distinguishing between "no auth required" versus "we don't know if auth is
required or not." The term "remote attackers" could be used in either
situation, CVE-wise.
- Steve
More information about the VIM
mailing list