Re: MODIFY-01 cluster: 25 CERT candidates moved to MODIFICATIONphase
A question that will come up again and again is whether the CVE lists:
attack types (exploits)
Or something completely different.
From my point of view, if the software involved harkens from a
different code base, then it merits a different listing. Thus, a
buffer overflow in mail servers should take multiple listings if it
affects different servers.
The attack may be the same. The underlying software flaw is the
same. But the CVE should reflect the configuration that is
vulnerable, and that may require multiple entries.