Full Disclosure mailing list archives
Re: Apache Killer
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 26 Aug 2011 16:19:31 +0300
On Thu, Aug 25, 2011 at 03:52:00PM -0400, Valdis.Kletnieks () vt edu wrote:
On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:Use CVE-2011-3192.why the fuck use this shit?So that when two different people issue advisories about it, if they both say CVE-2011-3192, we know it's the same issue. Otherwise if you got some people writing about Kingcope's hole with gzip and others writing about Zalewski's hole with Range: it's hard to tell if they're really the same issue or not.
ok, there might be some sense in using canonical names, but why chose possibly the worst service available? from their front page: "CVE®" - remember, remember what happened with the securityfocus/bugtraq exploit DB? btw, all the shitty id that should be "used" says: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Apache Killer, (continued)
- Re: Apache Killer Douglas Huff (Aug 24)
- Re: Apache Killer Douglas Huff (Aug 24)
- Re: Apache Killer Davide Guerri (Aug 24)
- Message not available
- Re: Apache Killer -= Glowing Sex =- (Aug 24)
- Re: Apache Killer -= Glowing Sex =- (Aug 20)
- Re: Apache Killer Sheran Gunasekera (Aug 21)
- Re: Apache Killer Georgi Guninski (Aug 25)
- Re: Apache Killer Valdis . Kletnieks (Aug 25)
- Re: Apache Killer Georgi Guninski (Aug 26)
- Re: Apache Killer Valdis . Kletnieks (Aug 26)
- Re: Apache Killer nix (Aug 26)
- Re: Apache Killer Ulises2k (Aug 26)
- Re: Apache Killer Jari Fredriksson (Aug 22)