[VIM] IIS WebDav Vulnerability CVE ID

Steven M. Christey coley at linus.mitre.org
Thu Jun 11 17:09:41 UTC 2009

On Wed, 10 Jun 2009, Sandra Hill wrote:

> Hey Steve,
> what about CVE-2009-1122? Is it a duplicate of CVE-2009-1535 also?

It's not immediately clear.  I would expect that Microsoft wouldn't assign
duplicate identifiers to the same core issue, but on the surface, the only
main difference is the IIS versions.  They might have done a split because
of different versions and/or different exploit conditions, but that would
be an improper split; or, maybe it's a different attack entirely, in which
case having separate CVEs would be appropriate.

I'll investigate with them and get back to you.

- Steve

More information about the VIM mailing list