[VIM] CVE-2005-4003 - ASPS - description identifies wrong bug type

security curmudgeon jericho at attrition.org
Fri Feb 10 22:18:17 EST 2006


: Some VDBs have mentioned both XSS and SQL injection as vectors.  While 
: the issue smells like it could be both (e.g. SQL injection enabling XSS 
: in error messages), it could be that these VDBs mentioned the SQL 
: injection due to CVE's mistaken description.  The only original source 
: information I have is XSS.
: 
: ======================================================
: Name: CVE-2005-4003
: Status: Candidate
: URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4003
: Reference: MISC:http://pridels.blogspot.com/2005/12/asps-shopping-cart-professional-and.html
: Reference: BID:15694 
: Reference: URL:http://www.securityfocus.com/bid/15694

The blog has no mention of SQL still, and BID covers XSS. Know off hand 
which VDBs picked up or reported the SQL issue?

