Moritz Muehlenhoff
2005-Jun-01 08:43 UTC
[Secure-testing-commits] r1185 - sarge-checks/CAN
Author: jmm-guest Date: 2005-06-01 08:43:43 +0000 (Wed, 01 Jun 2005) New Revision: 1185 Modified: sarge-checks/CAN/list Log: CAN-2005-0039 not an issue. Modified: sarge-checks/CAN/list ==================================================================--- sarge-checks/CAN/list 2005-06-01 08:09:57 UTC (rev 1184) +++ sarge-checks/CAN/list 2005-06-01 08:43:43 UTC (rev 1185) @@ -5965,7 +5965,9 @@ CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...) NOTE: not-for-us (DotNetNuke) CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...) - TODO: check + NOTE: These are known issues of IPSEC and basically every VPN system using + NOTE: encryption without authentication. + NOTE: openswan even prevents such configurations CAN-2005-0038 NOTE: reserved CAN-2005-0037