Mailing List Archive

Andrew Paterson wrote:
> We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site
> Request Forgery differs between the NVD and the Nessus plugin:
>
>>From the NVD:
>
> 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
> http://web.nvd.nist.gov/view/vuln/detail;jsessionid=72aa4f08c9e300544d7c7389a14b?execution=e1s1

This link should work better:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4242

Andrew.

>
>>From the Nessus plugin:
>
> 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
> http://www.nessus.org/plugins/index.php?view=single&id=34265
>
> Hopefully someone can resolve the inconsistency?
>
> Regards,
>
> Andrew
>
>

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

On Nov 4, 2008, at 6:28 AM, Andrew Paterson wrote:

> We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site
> Request Forgery differs between the NVD and the Nessus plugin:

Thanks for pointing this out, Andrew. I've just committed a change to
the plugin to use NIST's score. The update should become available
through the plugin feed in a couple of hours.

George
--
theall@tenablesecurity.com



_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers