[VIM] tomatoCMS - dupe or not?
Carsten H. Eiram
che at secunia.com
Wed Jul 7 10:27:12 CDT 2010
I had one of my guys look into this and retest versions 2.0.5 and 2.0.6.
The conclusion is that:
a) This is a dupe of http://secunia.com/secunia_research/2010-56 as
spotted by Jericho.
b) The report from HTBridge stating that versions 2.0.6 and prior are
affected is incorrect. Version 2.0.5 does fix the vulnerability and it
has not been reintroduced in version 2.0.6.
Perhaps HTBridge tested against the vendor demo site, which runs the
vulnerable version 2.0.4, thinking it was the latest version?
/Carsten
On Tue, 2010-07-06 at 12:38 -0400, Steven M. Christey wrote:
> alleged rediscovery by HTBridge here:
>
> http://www.securityfocus.com/archive/1/512068/100/0/threaded
>
> claim is "q" parameter in index.php, in 2.0.6.
>
> Jericho claims dupe with original Secunia discovery here:
>
> http://www.securityfocus.com/archive/1/archive/1/512189/100/0/threaded
>
> but that issue, CVE-2010-1994, is the PATH_INFO in index.php, claimed to
> be fixed in 2.0.5.
>
> I suspect these are distinct vectors and vulns - Secunia?
>
> - Steve
>
--
Med venlig hilsen / Kind regards
Carsten H. Eiram
Chief Security Specialist
Secunia
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark
Phone +45 7020 5144
Fax +45 7020 5145
More information about the VIM
mailing list