[VIM] IIS WebDav Vulnerability CVE ID
Steven M. Christey
coley at linus.mitre.org
Thu Jun 11 17:09:41 UTC 2009
On Wed, 10 Jun 2009, Sandra Hill wrote:
> Hey Steve,
> what about CVE-2009-1122? Is it a duplicate of CVE-2009-1535 also?
It's not immediately clear. I would expect that Microsoft wouldn't assign
duplicate identifiers to the same core issue, but on the surface, the only
main difference is the IIS versions. They might have done a split because
of different versions and/or different exploit conditions, but that would
be an improper split; or, maybe it's a different attack entirely, in which
case having separate CVEs would be appropriate.
I'll investigate with them and get back to you.
More information about the VIM