|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Matteo (marcm
lectroid.net)Date: Mon Mar 25 2002 - 15:57:53 CST
On Mon, 25 Mar 2002, Panayiotis A. Thermos wrote:
> So if you can access another object or resource on a server through an
> application's interface
> by manipulating the reference points of a function, it will be categorized
> as Application Implementation vulnerability.
Like a buffer overflow.
> If the the object is accessed based on the use of different credentials
> (certificates/ user id's etc.), then
> it will fall under the misconfiguration category.
So a world readable /etc/passwd file that can be read is a
misconfiguration?
> I hope this helps.
No. :)
Not that it matters, David made what he's afetr clear enough :).
Marc
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]