[VIM] Vendor dispute / clarification for CVE-2005-4515 (WebDB)

Steven M. Christey coley at linus.mitre.org
Tue Mar 7 16:10:49 EST 2006


FYI.  My read is that the reported vulnerability was in a single
customized web site.  Also, from the sound of things, the software is not
directly distributed to customers, rather it is controlled by the vendor.

- Steve

---------- Forwarded message ----------
Date: Tue, 7 Mar 2006 21:03:28 -0000
From: Lois Software
To: cve at mitre.org
Subject: CVE-2005-4515 (under review)

[snip]

WebDB is a generic online database system used by many of the clients of
Lois Software. The flaw that was identified was some code that was added for
a client to do some testing of his system and only certain safe commands
were allowed. This code has now been removed and it is not now possible to
use SQL queries as part of the query string.

No installation or patch is required. All clients use a common code library
and have their own front end and databases and connections. So as soon as a
change / upgrade / enhancement is made to the code, all users of the
software begin to use the latest changes immediately.

A message has also been put on the original posting site.

Many Thanks

Lois Software - Bristol - England
www.loissoftware.com

