__
> From: Kurt Seifried
> Sent: Friday, September 24, 2021 10:08 AM
> To: Steven M Christey
> Cc: Walton, Jeffrey; CWE Research Discussion
> Subject: Re: Cross-configuration attacks
>
>
>
> On Thu, Sep 23, 2021 at 11:02 PM Steven M C
4, 2021 10:08 AM
To: Steven M Christey
Cc: Walton, Jeffrey; CWE Research Discussion
Subject: Re: Cross-configuration attacks
On Thu, Sep 23, 2021 at 11:02 PM Steven M Christey
mailto:co...@mitre.org>> wrote:
Just a couple quick comments since it’s late for me :)
CWE-435: Improper Int
are fine by themselves,
but there can be weaknesses in a parent component that instantiates both the
blocks.
Thanks,
Arun
From: Kurt Seifried
Sent: Thursday, September 23, 2021 8:20 PM
To: noloa...@gmail.com
Cc: cwe-research-l...@lists.mitre.org
Subject: Re: Cross-configuration attacks
I assum
t;
> *From:* Kurt Seifried
> *Sent:* Thursday, September 23, 2021 11:20 PM
> *To:* Walton, Jeffrey
> *Cc:* CWE Research Discussion
> *Subject:* Re: Cross-configuration attacks
>
>
>
> I assume by CVE you meant CWE, and no there isn't a CWE for "intersection"
.
- Paul
From: John Thomas
Sent: Friday, September 24, 2021 8:22 AM
To: Kurt Seifried ; noloa...@gmail.com
Cc: cwe-research-l...@lists.mitre.org
Subject: RE: Cross-configuration attacks
I think the issue here is the ambiguity in the behavior. If App A knows App B’s
behavior fully and with no
Sent: Friday, September 24, 2021 4:28:07 AM
To: Steven M Christey mailto:co...@mitre.org>>
Cc: Seifried, Kurt mailto:k...@seifried.org>>; Walton,
Jeffrey mailto:noloa...@gmail.com>>; CWE Research
Discussion mailto:cwe-research-list@mitre.org>>
Subject: Re: Cross-configuratio
even M Christey
Cc: Seifried, Kurt ; Walton, Jeffrey ;
CWE Research Discussion
Subject: Re: Cross-configuration attacks
About configurations, I’m still scratching my head about where PrintNightmare’s
“Insecure by design” would fall (fail?).
Best,
Sebastian
On Sep 24, 2021, at 1:01 AM, St
also relevant for defense-in-depth).
Is there a CWE for ambiguity in security protocols between multiple parties?
With regards,
John Thomas
From: Kurt Seifried
Sent: Thursday, September 23, 2021 11:20 PM
To: noloa...@gmail.com
Cc: cwe-research-l...@lists.mitre.org
Subject: Re: Cross
t;
> From: Kurt Seifried
> Sent: Thursday, September 23, 2021 11:20 PM
> To: Walton, Jeffrey
> Cc: CWE Research Discussion
> Subject: Re: Cross-configuration attacks
>
> I assume by CVE you meant CWE, and no there isn't a CWE for "intersection" or
&g
23, 2021 11:20 PM
To: Walton, Jeffrey
Cc: CWE Research Discussion
Subject: Re: Cross-configuration attacks
I assume by CVE you meant CWE, and no there isn't a CWE for "intersection" or
"mismatch" attacks. I don't like the term cross-configuration unless it's
I assume by CVE you meant CWE, and no there isn't a CWE for "intersection"
or "mismatch" attacks. I don't like the term cross-configuration unless
it's actually applied to issues that are created by configuration issues,
my concern would be technically any intersection vulnerability can be
classed
11 matches
Mail list logo