oss-sec mailing list archives
Re: Question regarding CVE applicability of missing HttpOnly flag
From: cve-assign () mitre org
Date: Thu, 26 Jun 2014 11:59:11 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It is closest to b. It would be very rare to assign a CVE for a design choice by a system integrator. Suppose a new operating-system distribution ships tomorrow without a virus scanner. Often the best model for this would be a set of tasks that hasn't happened. For example, the vendor hasn't yet investigated customer requirements for what a virus scanner should do. The vendor hasn't performed the release-engineering work of packaging a virus scanner. There are other tasks as well. We don't think that CVE consumers are looking for us to tag cases where a product lacks complete subsystem parity with all possible competitors. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTrEKzAAoJEKllVAevmvmsQTUH/0cPHrYZstLGCetls924I5Hm BWJHtpAKV9ryan8S7o4kxcxjYHs0z/dUM1GypO3+Gn69T4PIlW+t3Cfo/IE4IFn9 sidJS6w7+8vbF2yrs9RjHZ2ap+ieHNeRJdpeuyKHKeDOIpAnm6fH120dGRf6euvf Zhlw7ZBO4UkjyhHh1Lb9zo4KGo3498sYW9wHm106P71/YVNGLudiHLJLGWPm9M7w dWJIFYRctAuNKTZk7AeE2UFQCfficcS3cWH3dlrJD5hUXtmJjWMRzlu1EWVa6StI 4HFsXfgJMEspXzqlRzoLaja8I6a8tsTMTGG7ea7xcwsi8912BnjHpMSLZf4ct1U= =30i7 -----END PGP SIGNATURE-----
Current thread:
- Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 25)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Henri Salo (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Murray McAllister (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Vladimir '3APA3A' Dubrovin (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 25)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Florian Weimer (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Jamie Strandboge (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag cve-assign (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 30)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
- Re: Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 26)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Kurt Seifried (Jun 27)
- Re: Question regarding CVE applicability of missing HttpOnly flag Vincent Danen (Jun 27)