[VIM] CVE-2007-3242 (fwd)

security curmudgeon jericho at attrition.org
Wed Jun 20 20:02:15 UTC 2007

: Remember the web-app.net vs. web-app.org debacle?  Here's a little more.

As if tracking vulnerabilities wasn't bad enough..

: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3242
: This is complete nonsense.
: WebAPP (the real one from http://www.web-app.net ) filters it out, it uses


  "There is a system access vulnerability in the Menu Manager Mod for 

The original disclosure doesn't mention if it is the "real" WebAPP or the 
other one.

  "This mod is available at 

According to that URL:
   Menu Manager Mod v1.5
   Updated for use with Web-App

It doesn't say if this is for WebAPP (from .net or .org).

: tainting/untainting. Why dont you guys check things before posting this 
: sort of nonsense? Its not first time you give us at 
: http://www.web-app.net "credits" for security findings in piratical 
: imitations of our script.
: Please check our script version and correct this article.

Wait, the vulnerability was reported in a modular add-on to Web-App, why 
would the code be in your script, unless it was distributed with it?

These guys certainly aren't helping with the confusion.

More information about the VIM mailing list