[Secure-testing-team] [Secure-testing-commits] r7192 - data/CVE
Nico Golde
debian-secure-testing+ml at ngolde.de
Fri Nov 2 10:25:11 UTC 2007
Hi Florian,
* Florian Weimer <fw at deneb.enyo.de> [2007-11-02 10:13]:
> > CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to redirect users ...)
> > - - sitebar <unfixed> (low; bug #448690)
> > + - sitebar <unfixed> (unimportant; bug #448690)
> > + NOTE: there is no real exploit scenario
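Review bot: The added NOTE line gives "there is no real exploit scenario" as the only reason for moving sitebar from low to unimportant, while the CVE description directly above still says command.php lets remote attackers redirect users. The note should state why that redirect is considered harmless for this package, so that the downgrade can be re-checked against bug #448690 without relying on the list discussion.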
>
> I disagree with that assessment. Open redirectors pose at least a very
> real reputation risk.
Yes, for sites with some kind of trust-level. I agree if this
would be the web application for online banking, but what is
your exploit scenario in this case?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.