> Henri, > In fact seems both are allow :-( as the this cve : > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3259 > reference openbsd and openssh as vendor ??? > > Now, i don't know how to distinguish between the 2 :-( > I don't know neither...
Nevertheless I can see (only) two entries like this in the CPE dictionary[1]. According to the CPE specification (2.2), the vendor part "should be the highest organization-specific label of the organization's DNS name". My understanding of this leads to openbsd (http://www.openbsd.org) and makes me think that cpe:/a:openssh:openssh entries should probably be deprecated. [1] http://web.nvd.nist.gov/view/cpe/search/results?searchChoice=name&searchText=cpe%3A%2Fa%3Aopenssh%3Aopenssh -- Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
