oss-sec mailing list archives

Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Mar 2012 23:18:15 -0700

On 03/09/2012 01:47 AM, Henri Salo wrote:
Can I get a CVE identifier for this security vulnerability? Thank you.

Advisory: http://seclists.org/bugtraq/2012/Jan/127
http://osvdb.org/show/osvdb/78473
http://www.securityfocus.com/bid/51576

Discovered and vendor informed: 2011-12-19
Vendor ack: 2011-12-20
Disclosure and exploit: 2012-01-19

Does this get a 2011 or 2012 ID?

- Henri Salo

Generally public disclosure, otherwise we get to play insane "when did
this become a security issue" philosophy games, plus pragmatically
public issue = known = can assign a CVE =).

Please use CVE-2012-1153 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

