[VIM] Oracle and CIA
George A. Theall
theall at tenablesecurity.com
Mon Mar 12 20:43:27 UTC 2007
On 03/12/07 16:25, security curmudgeon wrote:
> Regarding the Jan CPU from Oracle:
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
>
>
> Did anyone notice that several of the vulnerabilities listed apparently
> do not impact Confidentiality, Integrity -or- Availability?
> Mistake/oversight, or something else?
>
> DB10, DB11, DB12, DB13, etc
There's a note below the table that clarifies those scores as
representing "problems that are not exploitable in a default database
environment".
There's been some discussion of Oracle's scoring methodology on the
CVSS-SIG mailing list. Hopefully now that they've joined the SIG, these
sorts of issues will fade away.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list