Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Mar 2012 23:18:15 -0700

On 03/09/2012 01:47 AM, Henri Salo wrote:
Can I get CVE-identifier for this security vulnerability, thank you.

Advisory: http://seclists.org/bugtraq/2012/Jan/127
http://osvdb.org/show/osvdb/78473
http://www.securityfocus.com/bid/51576

Discovered and vendor informed: 2011-12-19
Vendor ack: 2011-12-20
Disclosure and exploit: 2012-01-19

Does this get 2011 or 2012 ID?

- Henri Salo

Generally public disclosure otherwise we get to play insane "when did
this become a security issue philosophy games", plus pragmatically
public issue = known = can assign a CVE =).

Please use CVE-2012-1153 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault