[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: simpleSAMLphp 1.8.2 cross site scripting
From: "Steven M. Christey" <coley () rcf-smtp ! mitre ! org>
Date: 2012-01-20 16:18:37
Message-ID: Pine.GSO.4.64.1201201117010.12004 () faron ! mitre ! org
[Download RAW message or body]
On Wed, 11 Jan 2012, Kurt Seifried wrote:
> On 01/11/2012 03:34 AM, Thijs Kinkhorst wrote:
>> Hi,
>>
>> Can I get a CVE for this?
>>
>> http://code.google.com/p/simplesamlphp/issues/detail?id=468
>> http://groups.google.com/group/simplesamlphp-
>> announce/browse_thread/thread/cb96723ee3c6751e
>>
>>
>> thanks,
>> Thijs
> Please use CVE-2012-0040 for this issue.
There are actually two separate bugs, by two different finders, so we need
two CVEs.
CVE-2012-0040 - the original no_cookie.php issue reported by timtai1
CVE-2012-0908 - (just assigned by me) - the logout.php issue that the
vendor found while researching CVE-2012-0040.
- Steve
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic