[VIM] BID 63301?
security curmudgeon
jericho at attrition.org
Mon Oct 28 16:18:12 CDT 2013
On Mon, 28 Oct 2013, Dinesh Theerthagiri wrote:
: Thanks right , they are saying "Contexis 1.0" is vulnerable and its
: fixed in "Contexis 2.0". But still we are not able to find the download
: product.
:
: Can you anybody please tell, no what basics CVE will be assigned. As of
: my understanding goes CVE are assigned only for downloadable
: application.
Correct. If it is a site specific issue, no CVE will be assigned.
We see this pretty frequently these days. A company will put a general
'version' on their product, which is custom one-off web sites. In some
cases, a researcher will find a vulnerability in several web sites where
they re-used the same code. We've tracked it down many times and figured
out it was the same design company re-using code, not an actual product.
More information about the VIM
mailing list