Re: [Secure-testing-commits] r6997 - data/CVE
> CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
> NOT-FOR-US: Microsoft Expression Media
> CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...)
> - - openser <unfixed> (low; bug #446956)
> + - openser <unfixed> (unimportant; bug #446956)
> NOTE: should be only "exploitable" in local network with untrusted users
> CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
> NOT-FOR-US: Cisco
In such cases it's useful to mail cve@mitre.org with a reference to
the bug to tell them that the issue is not considered a security
problem, so that the CVE entry can be revoked or marked as "DISPUTED".
Cheers,
Moritz
Reply to: