Mailing List Archive: Nessus: plugins

34265 ProFTPD CSRF - CVSS score inconsistency

Index | Next | Previous | View Threaded

scans at westpoint

Nov 4, 2008, 3:28 AM

Post #1 of 3 (1460 views)
Permalink

34265 ProFTPD CSRF - CVSS score inconsistency

We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site
Request Forgery differs between the NVD and the Nessus plugin:

>From the NVD:

6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
http://web.nvd.nist.gov/view/vuln/detail;jsessionid=72aa4f08c9e300544d7c7389a14b?execution=e1s1

>From the Nessus plugin:

5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
http://www.nessus.org/plugins/index.php?view=single&id=34265

Hopefully someone can resolve the inconsistency?

Regards,

Andrew
_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

scans at westpoint

Nov 4, 2008, 4:01 AM

Post #2 of 3 (1371 views)
Permalink

Re: 34265 ProFTPD CSRF - CVSS score inconsistency [In reply to]

Andrew Paterson wrote:
> We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site
> Request Forgery differs between the NVD and the Nessus plugin:
>
>>From the NVD:
>
> 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
> http://web.nvd.nist.gov/view/vuln/detail;jsessionid=72aa4f08c9e300544d7c7389a14b?execution=e1s1

This link should work better:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4242

Andrew.

>
>>From the Nessus plugin:
>
> 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
> http://www.nessus.org/plugins/index.php?view=single&id=34265
>
> Hopefully someone can resolve the inconsistency?
>
> Regards,
>
> Andrew
>
>

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

theall at tenablesecurity

Nov 4, 2008, 9:02 AM

Post #3 of 3 (1370 views)
Permalink

Re: 34265 ProFTPD CSRF - CVSS score inconsistency [In reply to]

On Nov 4, 2008, at 6:28 AM, Andrew Paterson wrote:

> We just noticed that the CVSS score given for 34265 ProFTPD Cross-Site
> Request Forgery differs between the NVD and the Nessus plugin:

Thanks for pointing this out, Andrew. I've just committed a change to
the plugin to use NIST's score. The update should become available
through the plugin feed in a couple of hours.

George
--
theall [at] tenablesecurity

_______________________________________________
Plugins-writers mailing list
Plugins-writers [at] list
http://mail.nessus.org/mailman/listinfo/plugins-writers

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads