|
Full Disclosure
mailing list archives
Re: Apache Killer
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 26 Aug 2011 16:19:31 +0300
On Thu, Aug 25, 2011 at 03:52:00PM -0400, Valdis.Kletnieks () vt edu wrote:
On Thu, 25 Aug 2011 21:35:04 +0300, Georgi Guninski said:
On Wed, Aug 24, 2011 at 10:45:53AM +0100, Mark J Cox wrote:
Use CVE-2011-3192.
why the fuck use this shit?
So that when two different people issue advisories about it, if they both say
CVE-2011-3192, we know it's the same issue. Otherwise if you got some people
writing about Kingcope's hole with gzip and others writing about Zalewski's
hole with Range: it's hard to tell if they're really the same issue or not.
ok, there might be some sense in using canonical names,
but why chose possibly the worst service available?
from their front page: "CVE®" - remember, remember what happened with the securityfocus/bugtraq exploit DB?
btw, all the shitty id that should be "used" says:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new
security problem. When the candidate has been publicized, the details for this candidate will be provided.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Apache Killer, (continued)
Re: Apache Killer Jari Fredriksson (Aug 20)
Re: Apache Killer Mark J Cox (Aug 24)
Re: Apache Killer Georgi Guninski (Aug 29)
Re: Apache Killer matteo filippetto (Aug 30)
Re: Apache Killer Georgi Guninski (Aug 30)
Re: Apache Killer Mark J Cox (Aug 24)
Re: Apache Killer Kim Henriksen (Aug 22)
Apache Killer confirm.ed (Aug 22)
(Thread continues...)
|
