I have a few questions about how to interpret the vulnerability
information on SecurityFocus.
1) For BID 30140 we have:
"Sun SDK (Linux Production Release) 1.3.1 _22" is listed as both
vulnerable and non-vulnerable
"Sun JRE (Linux Production Release) 1.4.2" is listed 5 times as vulnerable
What is the meaning of that, or are they just glitches in the data ?
2) What is the meaning of the ± listing ?
For instance, on DIB 10078 "Jarle Aase War FTPD 1.67 b05" is listed as
non-vulnerable with the - tags
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
What does that mean ?
3) (related to question 2)
For BID 3786, "Apache Software Foundation Apache 1.3.20" is listed as
both vulnerable and non-vulnerable, but with different ± listings. What
does that mean ?
4) Is there a document describing how to interpret the content of the
BID on security focus ?
Thanks a lot !
--
François Gagnon Ph.D. Student
Network Management and
Artificial Intelligence Laboratory
Carleton University
I have a few questions about how to interpret the vulnerability
information on SecurityFocus.
1) For BID 30140 we have:
"Sun SDK (Linux Production Release) 1.3.1 _22" is listed as both
vulnerable and non-vulnerable
"Sun JRE (Linux Production Release) 1.4.2" is listed 5 times as vulnerable
What is the meaning of that, or are they just glitches in the data ?
2) What is the meaning of the ± listing ?
For instance, on DIB 10078 "Jarle Aase War FTPD 1.67 b05" is listed as
non-vulnerable with the - tags
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
What does that mean ?
3) (related to question 2)
For BID 3786, "Apache Software Foundation Apache 1.3.20" is listed as
both vulnerable and non-vulnerable, but with different ± listings. What
does that mean ?
4) Is there a document describing how to interpret the content of the
BID on security focus ?
Thanks a lot !
--
François Gagnon Ph.D. Student
Network Management and
Artificial Intelligence Laboratory
Carleton University
www.sce.carleton.ca/~fgagnon
[ reply ]