[VIM] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-4495 (fwd)

security curmudgeon jericho at attrition.org
Wed Jan 18 00:55:32 EST 2006

: In addition, it appears that SpireMedia offers a service, more than a 
: specific software package that customers can buy and install by 
: themselves.  If this is the case, then it would be outside the normal 
: scope of CVE and we would note it explicitly.

I considered this before my reply, but found this on their web page:

  Every SpireMedia-built website comes with a content management solution.  
  Our CMS scales to the enterprise and includes permissions-based 
  workflow, automated publishing and expiration of content, 
  component-based controls for all modules, multiple-site support, and 
  support for unlimited design templates.

I'm not sure if that helps or makes this more confusing, since most VDBs 
have a policy against site specific vulnerabilities =) But, if they 
include this CMS package on every web site they design, to me that sounds 
like a commercial package, just not one sold as a COTS traditional 

More information about the VIM mailing list