Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Pranay Kanwar (warl0ckmetaeye.org)
Date: Fri Aug 17 2007 - 02:27:33 CDT
I fully agree with your explanation and reason on the JWIG issue.
warl0ck // MSG
Steven M. Christey wrote:
> On Fri, 17 Aug 2007, Pranay Kanwar wrote:
>> Frankly i now feel, that its not SecNiche's fault entirely, it has got a
>> lot of encouragement from its past invalid and absurd claims.
>> Such as
>> _JWIG Context Dependent Template Calling Denial of Service Vulnerability._
> I characterized this as a design limitation that could become an issue in
> applications that are written using JWIG, not JWIG itself:
> Yet nobody followed up on this to dispute my assessment or agree with it.
> What is your opinion?
>> Also i am pretty sure the above links will stay forever and i don't suppose i
>> have to explain why.
> The CVEs will remain as a record of a report that was heavily disputed;
> unlike other vuln DBs, CVE and OSVDB don't just erase records when an
> issue is disputed. We want a provable resolution to such disputes, if one
> ever arises.
> - Steve
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/