|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- To: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Subject: Re: Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- From: jericho <jericho@attrition.org>
- Date: Tue, 13 Dec 2016 23:44:26 -0600
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: Kurt Seifried <kseifried@redhat.com>, cve-cna-list <cve-cna-list@lists.mitre.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Wed Dec 14 07:54:35 2016
- Importance: high
- In-reply-to: <5068B024-D4D2-4B6C-87C2-B1D79D96EF3B@mitre.org>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CANO=Ty1RyjuGo07ChdLHVQO6GEUUHdpux1C3yB_iZ1WDUP0jFw@mail.gmail.com> <5068B024-D4D2-4B6C-87C2-B1D79D96EF3B@mitre.org>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Tue, 13 Dec 2016, Adinolfi, Daniel R wrote: : If you put in "http://kb.netgear.com/000036386/";, the page you linked is : what loads. (In fact, it seems anything after the /000036386/ directory : will load the page for VU# 582384 at the URL below.) : : My guess is they are using some unfortunate templating and redirecting : that allows them to update the URL without breaking anything. From where : did you get that URL originally? Honestly, why does that matter? Google will index netgear's site routinely regardless of where Kurt found it. https://www.google.com/search?sourceid=chrome-psyapi2&ion=1&espv=2&ie=UTF-8&q=inurl%3A%22CVE-2016-582384%22&oq=inurl%3A%22CVE-2016-582384%22&aqs=chrome..69i57j69i58.5363j0j7 The real question is... since Netgear isn't a listed as a CNA [1], what is the protocol for reaching out to them about such an incident? .b [1] https://cve.mitre.org/cve/cna.html
- References:
- Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- From: Kurt Seifried <kseifried@redhat.com>
- Re: Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- From: "Adinolfi, Daniel R" <dadinolfi@mitre.org>
- Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- Prev by Date: RE: Nomination of Takayuki Uchiyama to the CVE Board
- Next by Date: Email address for people who want to be CNAs
- Previous by thread: Re: Neatgear just created http://kb.netgear.com/000036386/CVE-2016-582384
- Next by thread: RE: Nomination of Takayuki Uchiyama to the CVE Board
- Index(es):