
[PROPOSAL] Cluster RECENT-46 - 23 candidates



The following cluster contains 23 candidates that were announced between November 21 and November 28, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-090.asp
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1112 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-090.asp
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1113 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1162
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/mdksa-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: REDHAT:RHSA-2000:114-03
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000-114.html
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-1162 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/mdksa-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environment variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Analysis
----------------
ED_PRI CAN-2000-1163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:109-05
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000-109.html
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Analysis
----------------
ED_PRI CAN-2000-1187 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014

Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

Analysis
----------------
ED_PRI CAN-2000-1106 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

Analysis
----------------
ED_PRI CAN-2000-1107 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979

Buffer overflow in the remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a GET request.

Analysis
----------------
ED_PRI CAN-2000-1115 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984

elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-1136 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category:
Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html
Reference: BID:2005
Reference: URL:http://www.securityfocus.com/bid/2005

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-1101 3
Vendor Acknowledgement: unknown vague

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BID:2008
Reference: URL:http://www.securityfocus.com/bid/2008
Reference: BUGTRAQ:20001126 Vulnerablity in PTlink3.5.3ircd + PTlink.Services.1.8.1...
Reference: URL:http://www.securityfocus.com/archive/1/147115

PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to cause a denial of service (server crash) via "mode +owgscfxeb" and "oper" commands.

Analysis
----------------
ED_PRI CAN-2000-1102 3
Vendor Acknowledgement: unknown patch claimed by user in followup
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001127 BSDi 3.0/4.0 rcvtty gid=tty exploit... (mh package)
Reference: URL:http://www.securityfocus.com/archive/1/147120
Reference: BID:2009
Reference: URL:http://www.securityfocus.com/bid/2009

rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.

Analysis
----------------
ED_PRI CAN-2000-1103 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

Analysis
----------------
ED_PRI CAN-2000-1109 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 IBM Net.Data Local Path Disclosure Vulnerability?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0384.html
Reference: BID:2017
Reference: URL:http://www.securityfocus.com/bid/2017

document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.

Analysis
----------------
ED_PRI CAN-2000-1110 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001121 Disclosure of JSP source code with ServletExec v3.0c + web instance
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0285.html
Reference: BID:1970
Reference: URL:http://www.securityfocus.com/bid/1970

Unify ServletExec v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", "+", or "%20".

Analysis
----------------
ED_PRI CAN-2000-1114 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001124 Security Hole in ECL Feature of Java VM Embedded in Lotus Notes Client R5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0341.html
Reference: BID:1994
Reference: URL:http://www.securityfocus.com/bid/1994

The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

Analysis
----------------
ED_PRI CAN-2000-1117 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001127 24Link Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0369.html

24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request.

Analysis
----------------
ED_PRI CAN-2000-1118 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 McAfee WebShield SMTP vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0324.html
Reference: BID:1999
Reference: URL:http://www.securityfocus.com/bid/1999

McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient.

Analysis
----------------
ED_PRI CAN-2000-1129 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 McAfee WebShield SMTP vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0324.html
Reference: BID:1993
Reference: URL:http://www.securityfocus.com/bid/1993

McAfee WebShield SMTP 4.5 allows remote attackers to bypass email content filtering rules by including Extended ASCII characters in the name of the attachment.

Analysis
----------------
ED_PRI CAN-2000-1130 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.

Analysis
----------------
ED_PRI CAN-2000-1165 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998

Twig webmail system does not properly set the "vhost" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhost as an argument to the index.php3 program.

Analysis
----------------
ED_PRI CAN-2000-1166 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 IBM HTTP Server 1.3.6 Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502498610979&w=2
Reference: BID:1988
Reference: URL:http://www.securityfocus.com/bid/1988

IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a GET request.

Analysis
----------------
ED_PRI CAN-2000-1168 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-1173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 CyberPatrol - poor credit card protection
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html
Reference: BID:1977
Reference: URL:http://www.securityfocus.com/bid/1977

Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information.

Analysis
----------------
ED_PRI CAN-2000-1173 3
Vendor Acknowledgement:
Content Decisions: DESIGN-WEAK-ENCRYPTION, DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007