Full Disclosure: Re: Cisco ACE XML Gateway <= 6.0 Internal IP disclosure

Re: Cisco ACE XML Gateway <= 6.0 Internal IP disclosure

From: Jeremy Brown <0xjbrown41 () gmail com>
Date: Fri, 25 Sep 2009 01:25:02 -0400

Well thats not very nice.

On Fri, Sep 25, 2009 at 12:53 AM, Richard Cyrios <r.u.cyrios () gmail com> wrote:

24/09/2009    Tonight!, the vulnerability goes public and PSIRT is
informed.


.... and the world is thrown into chaos via an internal IP being disclosed.

08/09/2009    The PSIRT Incident Manager took the ownership of the
vulnerability.
11/09/2009    Developers confirmed the vulnerability. Code fixes and
testing
remained pending.
Green flag given to go public whenever I'd like.


Cos they think it's a gay vuln....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Cisco ACE XML Gateway <= 6.0 Internal IP disclosure nitrØus (Sep 25)
- Re: Cisco ACE XML Gateway <= 6.0 Internal IPdisclosure Paul Oxman (poxman) (Sep 25)
- <Possible follow-ups>
- Re: Cisco ACE XML Gateway <= 6.0 Internal IP disclosure Richard Cyrios (Sep 25)
  - Re: Cisco ACE XML Gateway <= 6.0 Internal IP disclosure Jeremy Brown (Sep 25)
  - Re: Cisco ACE XML Gateway <= 6.0 Internal IP disclosure Valdis . Kletnieks (Sep 25)