-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Keep in mind that many times Bugtraq and CVE will get out of sync.
CVE's are always CAN's first. A CAN becomes a CVE only after it is voted on to elevate it to a "bonified vulnerabiluty". If that occurs then CAN-xxx-xxxx becomes CVE-xxx-xxxx Some but not all CAN will become CVE in the future. It us also, per my understanding, if an issue is reported and it is given a CAN but it is later found to be a duplicate issue that the assigned CAN is scrapped. Example: I report a Denial of Service on Apache-x-xxx. CAN assigned However a Buffer Over flow was reported on Apache-x-xxx. CAN assigned It is later found they are both the same vulnerability just reported differently. One of the above will be deleted. In addition it is a it is a large system out there and managed by human hands. Errors will occur. Erik > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Cox, Michael > Sent: Thursday, March 20, 2003 8:55 AM > To: Thomas Reinke; [EMAIL PROTECTED] > Subject: RE: [Fwd: CVE Promotions and invalid IDs] > > > Note that when you search cve.mitre.org for candidate ID's that > have been promoted, you will still find the appropriate record. > > I can add a one to the incorrect list: > > "IIS .IDA ISAPI filter applied" > > script_id(10695); > script_cve_id("CAN-2002-0500"); > > The correct CVE ID is CVE-2001-0500. > > Cheers, > Michael > > > > -----Original Message----- > > From: Thomas Reinke [mailto:[EMAIL PROTECTED] > > Sent: Thursday, March 20, 2003 8:32 AM > > To: [EMAIL PROTECTED] > > Subject: [Fwd: CVE Promotions and invalid IDs] > > > > > > Didn't see this making it across the nessus-devel list, so > > resending here. > > > > Thomas > > > -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBPnnhDWBNrGASwj07EQK53QCgpSljpq4L6dawBjoIEnpEygCc2OwAoLi3 jXWEkqzEoxJj5evp8K3oacNk =7Lu2 -----END PGP SIGNATURE-----
