Hi Florian,
* Florian Weimer <[EMAIL PROTECTED]> [2007-11-02 10:13]:
> >  CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to 
> > redirect users ...)
> > -   - sitebar <unfixed> (low; bug #448690)
> > +   - sitebar <unfixed> (unimportant; bug #448690)
> > +   NOTE: there is no real exploit scenario
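Review bot: the added NOTE line asserts "there is no real exploit scenario" without recording why, even though the entry's own description says the issue lets remote attackers redirect users. Since the same hunk moves the severity from low to unimportant, the NOTE should state the reasoning behind that downgrade, so that anyone revisiting bug #448690 can check the triage decision instead of taking it on trust.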
> 
> I disagree with that assessment.  Open redirectors pose at least a very
> real reputation risk.

Yes, for sites with some kind of trust level. I would agree if this
were the web application for online banking, but what is
your exploit scenario in this case?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
