[VIM] CVE-2007-3242 (fwd)
security curmudgeon
jericho at attrition.org
Wed Jun 20 20:02:15 UTC 2007
: Remember the web-app.net vs. web-app.org debacle? Here's a little more.
As if tracking vulnerabilities wasn't bad enough..
: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3242
:
: This is complete nonsense.
:
: WebAPP (the real one from http://www.web-app.net ) filters it out, it uses
http://archives.neohapsis.com/archives/bugtraq/2007-06/0160.html
"There is a system access vulnerability in the Menu Manager Mod for
WebAPP."
The original disclosure doesn't mention if it is the "real" WebAPP or the
other one.
"This mod is available at
http://www.2xlnt.com/webapp/development/app.cgi?action=downloadinfo&cat=webappmods&id=3"
According to that URL:
Menu Manager Mod v1.5
Updated for use with Web-App 0.9.9.2
It doesn't say if this is for WebAPP (from .net or .org).
: tainting/untainting. Why dont you guys check things before posting this
: sort of nonsense? Its not first time you give us at
: http://www.web-app.net "credits" for security findings in piratical
: imitations of our script.
:
: Please check our script version and correct this article.
Wait, the vulnerability was reported in a modular add-on to Web-App, why
would the code be in your script, unless it was distributed with it?
These guys certainly aren't helping with the confusion.
More information about the VIM
mailing list