[VIM] Revisiting The Past
security curmudgeon
jericho at attrition.org
Thu Aug 31 05:54:20 EDT 2006
: My gut reaction is that this was a dupe/rediscovery that wasn't caught
: due to different spellings of "ProductCart" and "Product Cart" (though
: we should have caught it on the script or parameter name...) These
: days, I would update the original CVE to mention the new version that is
: also affected.
:
: I hate duplicates due to alternate spellings :( In CVE, we don't have a
: normalized vendor or product name field, which might make this issue
: worse - or do other DBs have the same problem?
Belated reply but, OSVDB ran into the same thing. 17329 and 18508 are the
same issue, but due to the space in the vendor name it wasn't caught. In
my attempts to refine searches, I'll use "ProductCart" or "Product Cart"
(in this example obviously), which would exclude each other if I specify
'exact phrase'.
More information about the VIM
mailing list