[VIM] CVE-2006-1854 - Dispute (fwd)
Steven M. Christey
coley at linus.mitre.org
Wed May 17 00:29:24 EDT 2006
More on the BluePay dispute, edited to remove identifying information.
event did work. Does this mean that r0t is testing more interesting
NOTE - it's a hosted solution.
---------- Forwarded message ----------
Date: Mon, 15 May 2006 11:48:29 -0500
From: Chris Jansen
To: Steven M. Christey <coley at rcf-smtp.mitre.org>
Subject: Re: CVE-2006-1854 - Dispute
Thank you so much for your response!
> The current version is below. This will be on the CVE web site later
> today, and in NVD shortly thereafter. We will try to determine the
> validity of the report.
> It appears that the researcher did some testing on the following URL:
> 1) May we test this page for XSS issues? The tests would be manually done
> in a way that would minimize impact on the server.
You are welcome to test the page for XSS issues. If you'd like to inform me
before testing, feel free to telephone me at [xyz]
> 2) Is this part of the normal BluePay package that would be available to
https://secure.bluepay.com/login is our login page - it is available to all
> 3) Is BluePay offered as a separate package to consumers, or is it
> entirely a hosted solution on servers controlled by BluePay?
It is entirely hosted by BluePay, so any updates to the system affect all
merchants immediately; there are no "copies" in public that would also need
to be updated.
> I hope that we can resolve this issue to everyone's satisfaction.
I hope so as well! Thank you again for the prompt and courteous reply!