[VIM] CVE-2009-4006

Steven M. Christey coley at linus.mitre.org
Wed Dec 9 16:38:15 UTC 2009

On Wed, 9 Dec 2009, Carsten H. Eiram wrote:

> I just noticed that the NVD CVSS2 score sets "Au:S". That is incorrect -
> no authentication is required.

That means no change is necessary to the raw CVE description, although I'm 
starting to think it might be good for us to do a better job of 
distinguishing between "no auth required" versus "we don't know if auth is 
required or not."  The term "remote attackers" could be used in either 
situation, CVE-wise.

- Steve

More information about the VIM mailing list