[VIM] tomatoCMS - dupe or not?

Carsten H. Eiram che at secunia.com
Wed Jul 7 10:27:12 CDT 2010


I had one of my guys look into this and retest versions 2.0.5 and 2.0.6.

The conclusion is that:

a) This is a dupe of http://secunia.com/secunia_research/2010-56 as
spotted by Jericho.

b) The report from HTBridge stating that versions 2.0.6 and prior are
affected is incorrect. Version 2.0.5 does fix the vulnerability and it
has not been reintroduced in version 2.0.6.

Perhaps HTBridge tested against the vendor demo site, which runs the
vulnerable version 2.0.4, thinking it was the latest version?

/Carsten


On Tue, 2010-07-06 at 12:38 -0400, Steven M. Christey wrote:
> alleged rediscovery by HTBridge here:
> 
>    http://www.securityfocus.com/archive/1/512068/100/0/threaded
> 
>    claim is "q" parameter in index.php, in 2.0.6.
> 
> Jericho claims dupe with original Secunia discovery here:
> 
>    http://www.securityfocus.com/archive/1/archive/1/512189/100/0/threaded
> 
> but that issue, CVE-2010-1994, is the PATH_INFO in index.php, claimed to 
> be fixed in 2.0.5.
> 
> I suspect these are distinct vectors and vulns - Secunia?
> 
> - Steve
> 
-- 

Med venlig hilsen / Kind regards


Carsten H. Eiram
Chief Security Specialist

Secunia 
Weidekampsgade 14 A
DK-2300 Copenhagen S
Denmark

Phone  +45 7020 5144
Fax    +45 7020 5145


