From 8632f3f229e0c80fc4787a3f3c71f61778dc1949 Mon Sep 17 00:00:00 2001 From: Kurt Seifried Date: Wed, 5 Dec 2018 13:49:32 -0700 Subject: [PATCH] updated rejected CVE's as per gtheall --- 2018/1000xxx/CVE-2018-1000818.json | 2 +- 2018/1000xxx/CVE-2018-1000819.json | 19 ++++++++++++++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/2018/1000xxx/CVE-2018-1000818.json b/2018/1000xxx/CVE-2018-1000818.json index dd06b614449..d924729f728 100644 --- a/2018/1000xxx/CVE-2018-1000818.json +++ b/2018/1000xxx/CVE-2018-1000818.json @@ -11,7 +11,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19131, CVE-2018-19132. Reason: This candidate is a duplicate of CVE-2018-19131 and/or CVE-2018-19132. Notes: All CVE users should reference CVE-2018-19131 and/or CVE-2018-19132 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19132. Reason: This candidate is a reservation duplicate of CVE-2018-19132. Notes: All CVE users should reference CVE-2018-19132 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2018/1000xxx/CVE-2018-1000819.json b/2018/1000xxx/CVE-2018-1000819.json index a218b950b24..5d26c3d7d27 100644 --- a/2018/1000xxx/CVE-2018-1000819.json +++ b/2018/1000xxx/CVE-2018-1000819.json @@ -1 +1,18 @@ -{"data_version": "4.0","references": {"reference_data": [{"url": "https://github.com/squid-cache/squid/pull/306"},{"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"},{"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"}]},"description": {"description_data": [{"lang": "eng","value": "The Squid Software Foundation Squid HTTP Proxy version 3.1.12.1 to 3.1.23, 3.2.0.4 to 3.5.28, 4.0 to 4.3 - inclusive contains a Cross Site Scripting (XSS) vulnerability in HTTP(S) error page generation for TLS X.509 certificate errors that can result in Arbitrary HTML/script run by web Browser within scope of CORS origin. This attack appear to be exploitable via Attacker delivers X.509 certificate designed to trigger TLS error page generation using syntax supplied in the certificate. This vulnerability appears to have been fixed in 4.4."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "3.1.12.1 to 3.1.23, 3.2.0.4 to 3.5.28, 4.0 to 4.3 - inclusive"}]},"product_name": "Squid HTTP Proxy"}]},"vendor_name": "The Squid Software Foundation"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-11-27T13:54:33.458510","DATE_REQUESTED": "2018-10-24T16:35:36","ID": "CVE-2018-1000819","ASSIGNER": "kurt@seifried.org","REQUESTER": "squid3@treenet.co.nz"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "Cross Site Scripting (XSS)"}]}]}} \ No newline at end of file +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-1000819", + "STATE" : "REJECT" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19131. Reason: This candidate is a reservation duplicate of CVE-2018-19131. Notes: All CVE users should reference CVE-2018-19131 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +}