[VIM] Minimizing error cascades in vulnerability information management

George A. Theall theall at tenablesecurity.com
Tue Nov 7 16:02:32 EST 2006

Steven M. Christey wrote:

> Most of the recent disclosures for a WebSphere XSS issue
> (CVE-2006-2431) mention the "faultfactor" element, including the NISCC
> report, the ProCheckUp announcement, and various vulnerability
> databases.
> However, ProCheckUp's announcement also shows the vulnerable output:
>   <faultactor>
> i.e., "actor" not "factor".

And while we're on the subject, I noticed that both SecurityFocus and
Secunia claim incorrectly that the issue is resolved with Cumulative Fix
10 for the 5.1 series. [CVE doesn't mention that 5.1 is affected; it
is.] The fix was meant to be included in that Fix but didn't actually
make it until Cumulative Fix 12; ie, see:


I did verify that Cumulative Fix 12 did indeed correct the problem.

theall at tenablesecurity.com

More information about the VIM mailing list