Hi Moritz, * Moritz Muehlenhoff <jmm@inutil.org> [2007-10-17 22:36]: > > CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...) > > NOT-FOR-US: Microsoft Expression Media > > CVE-2007-5469 (OpenSER 1.2.2 does not verify the Digest authentication header URI ...) > > - - openser <unfixed> (low; bug #446956) > > + - openser <unfixed> (unimportant; bug #446956) > > NOTE: should be only "exploitable" in local network with untrusted users > > CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...) > > NOT-FOR-US: Cisco > > In such cases it's useful to mail cve@mitre.org with a reference to > the bug to tell them that the issue is not considered a security > problem, so that the CVE entry can be revoked or marked as "DISPUTED". Thanks for the hint, contacted Steven Christey because of this. Kind regards Nico -- Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpQBkWPv0IIf.pgp
Description: PGP signature