Author: carnil
Date: 2017-08-08 20:13:03 +0000 (Tue, 08 Aug 2017)
New Revision: 54447

Update note for CVE-2017-1000031

Modified: data/CVE/list
--- data/CVE/list       2017-08-08 20:04:36 UTC (rev 54446)
+++ data/CVE/list       2017-08-08 20:13:03 UTC (rev 54447)
@@ -3913,8 +3913,14 @@
 CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in 
Cacti ...)
        - cacti <unfixed>
-       NOTE: Finding 1 looks like duplicate of of CVE-2014-4002. Finding 2.1 
duplicate of
-       NOTE: CVE-2016-3172 and finding 2.2 as well duplicate of CVE-2014-4002.
+       NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and 
+       NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability 
+       NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they seprate on 
+       NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite 
sharing attack
+       NOTE: vectors with this vulnerability, and covers different attack 
vectors than
+       NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to 
+       NOTE: independently fixable from said vulnerability based on the fix 
provided here:
+       NOTE:
        NOTE: According to
        NOTE: the first issue was fixed by
        NOTE: whereas the secod issue was fixed by

Secure-testing-commits mailing list

Reply via email to