Security Basics mailing list archives
Questions about SecurityFocus vulnerability Repository
From: François Gagnon <fgagnon () sce carleton ca>
Date: Mon, 25 Aug 2008 11:07:11 -0400
Hi,I have a few questions about how to interpret the vulnerability information on SecurityFocus.
1) For BID 30140 we have:"Sun SDK (Linux Production Release) 1.3.1 _22" is listed as both vulnerable and non-vulnerable
"Sun JRE (Linux Production Release) 1.4.2" is listed 5 times as vulnerable What is the meaning of that, or are they just glitches in the data ? 2) What is the meaning of the ± listing ?For instance, on DIB 10078 "Jarle Aase War FTPD 1.67 b05" is listed as non-vulnerable with the - tags
- Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 What does that mean ? 3) (related to question 2)For BID 3786, "Apache Software Foundation Apache 1.3.20" is listed as both vulnerable and non-vulnerable, but with different ± listings. What does that mean ?
4) Is there a document describing how to interpret the content of the BID on security focus ?
Thanks a lot ! -- François Gagnon Ph.D. Student Network Management and Artificial Intelligence Laboratory Carleton University www.sce.carleton.ca/~fgagnon
Current thread:
- Questions about SecurityFocus vulnerability Repository François Gagnon (Aug 25)