oss-sec mailing list archives
Re: RCE, XSS and HTTP header injection in fli4l web interface
From: cve-assign () mitre org
Date: Sat, 31 Jan 2015 22:05:36 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 For the "execute arbitrary programs" issues, can you provide specific names for the vulnerability types, or any equivalent information? Examples of vulnerability types can be found on the https://www.owasp.org/index.php/Category:Vulnerability and http://cwe.mitre.org web sites. The paragraphs about include/cgi-helper and admin/pf.cgi aren't sufficient to determine the number of CVE IDs. For example, if one allows a SQL injection attack, and the other allows an attack with a ';' or other shell metacharacters, then they would have different CVE IDs. If both are about shell metacharacters, then they would have the same CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUzZebAAoJEKllVAevmvmsQswIAJYIvTJFKLacqs3onLqcLpSH WwxlKT46XFAK6pz43OEpz72orYJkzcZsYUerSQYjhHSCrZE5QWcE+XG6f3oZ5LTQ 6UuWLZhSN5B2nYjv6D2VDy+PCdMdzXDyuULBN9WfhH3AozxSOKdJsilbONCEy4i0 DDSmGHkScXmZ6euqhRjsXx6MY5LkxaXVTKd4Sftc2k4KDuJANa7G1u3Lt9ziuf2s 9YZDSedfRDz1xnrbf0UTPHgc3VI1Cj3DF6G5sn9gLgvrQAkQNrZZwBSFZasNeG3u QXO0iCaH+vjAMBKRasMCy/t4GdgItBJH6SiuP9YG4Slk8ICQDqu5gY8tS1yTS3o= =Q8PG -----END PGP SIGNATURE-----
Current thread:
- RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)
- Re: RCE, XSS and HTTP header injection in fli4l web interface Felix Eckhofer (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Feb 01)
- Re: RCE, XSS and HTTP header injection in fli4l web interface cve-assign (Jan 31)