oss-sec mailing list archives
Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Fri, 20 Jan 2012 11:18:37 -0500 (EST)
On Wed, 11 Jan 2012, Kurt Seifried wrote:
On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote:Hi, Can I get a CVE for this? http://code.google.com/p/simplesamlphp/issues/detail?id=468 http://groups.google.com/group/simplesamlphp- announce/browse_thread/thread/cb96723ee3c6751e thanks, ThijsPlease use CVE-2012-0040 for this issue.
There are actually two separate bugs, by two different finders, so we need two CVEs.
CVE-2012-0040 - the original no_cookie.php issue reported by timtai1CVE-2012-0908 - (just assigned by me) - the logout.php issue that the vendor found while researching CVE-2012-0040.
- Steve
Current thread:
- CVE request: simpleSAMLphp 1.8.2 cross site scripting Thijs Kinkhorst (Jan 11)
- Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Kurt Seifried (Jan 11)
- Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Steven M. Christey (Jan 20)
- Re: CVE request: simpleSAMLphp 1.8.2 cross site scripting Kurt Seifried (Jan 11)