[VIM] Oracle and CIA
jericho at attrition.org
Mon Mar 12 20:44:54 UTC 2007
: > Regarding the Jan CPU from Oracle:
: > http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
: > Did anyone notice that several of the vulnerabilities listed apparently do
: > not impact Confidentiality, Integrity -or- Availability? Mistake/oversight,
: > or something else?
: > DB10, DB11, DB12, DB13, etc
: There's a note below the table that clarifies those scores as
: representing "problems that are not exploitable in a default database
As always, firing off mails before reading the entire thing =)
: There's been some discussion of Oracle's scoring methodology on the
: CVSS-SIG mailing list. Hopefully now that they've joined the SIG, these
: sorts of issues will fade away.
Good. Just because it doesn't exist in a default setup doesn't mean the
vulnerability magically no longer affects C, I or A.
More information about the VIM