Mailing List Archive

Fwd: Missing CVE IDs
I definitely believe this is an exercise worth doing. I have
customers that classify and track everything by CVE/BID/OSVDB etc. I
for one also provide active links in custom reports to other databases
of information that use the numbers, i.e., directly to ICAT, Security
Focus and OSVDB.

Any time links to more information about vulnerabilities can be added
to the Nessus information, I would consider it a plus. It also helps
with mitigation and documenting false positives on our networks.

RPM

On 7/4/05, Jayesh KS <k.s.jayesh@gmail.com> wrote:
> Hi,
>
> I was just going through some of the plugins and noticed that many of
> them did not have any CVE IDs at the time of writing but later got
> them assigned, and these are not updated in the plugins.
> I have made a partial list of such scripts and their CVE IDs. I
> think there are many other such scripts that do not have CVE IDs. I
> thought it would be beneficial for all. Is this exercise worth
> carrying out? Any thoughts?
>
>
> basilix_arbitrary_file_disclosure.nasl CAN-2002-1710 BID-5062
> basilix_attachment_disclosure.nasl CAN-2002-1711 BID-5065
> basilix_message_content_script_injection.nasl CAN-2002-1708 BID-5060
> basilix_sql_injection.nasl CAN-2002-1709 BID-5061
> bookreview_xss.nasl CAN-2005-1782 BID-13783
> cherokee_dir_traversal.nasl CAN-2001-1433 CAN-2001-1432 BID-3771,3772
> cherokee_remote_cmd.nasl CAN-2001-1433 BID-3771,3773
> easy_message_board_cmd_exec.nasl CAN-2005-1549 BID-13555, 13551 CAN-2005-1550
> episodex_guestbook.nasl CAN-2005-1684 BID-13692, 13693
> delegate_overflow2.nasl CAN-2005-0759, CAN-2005-0760, CAN-2005-0761 BID-12867
> cutenews_show_news_xss.nasl CAN-2004-0660 BID-10620, 10750
> calendarix_sql.nasl CAN-2005-1865 BID-13825, 13826
> calendar_scheduler_xss.nasl CAN-2005-0872 BID-12893
>
>
> Regards,
> Jayesh KS.
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/plugins-writers
>
Re: Missing CVE IDs
On Jul 4, 2005, at 12:59, RPM Security wrote:

> I definitely believe this is an exercise worth doing. I have
> customers that classify and track everything by CVE/BID/OSVDB etc. I
> for one also provide active links in custom reports to other databases
> of information that use the numbers, i.e., directly to ICAT, Security
> Focus and OSVDB.


Just for the record, every(*) new Nessus plugin is indexed on the
Security Focus database (BID). This practice has been going on for
the last two years.

At the moment, any other reference than a BID is considered as an extra.


-- Renaud


(*) This does not include local security checks nor service detection
plugins