Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is
designed to bring recent news about CVE, such as new website features, new CNAs, CVE in
the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is
the standard for cybersecurity vulnerability names. The CVE Board provides oversight and
input into CVE's strategic direction, ensuring CVE meets the vulnerability
identification needs of the technology community. CVE Numbering Authorities (CNAs) are
major OS vendors, security researchers, and research organizations that assign CVE
Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the
details of the specific vulnerabilities, and include the CVE IDs in the first public
disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the
email newsletter are at the end. Please feel free to pass this newsletter on to
interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/February 27, 2017
-------------------------------------------------------
Contents:
1. "CVE-2005-4900" Is SHA-1 Collision Attack "SHAttered"
2. 1 Product from Avatares Foundation Now Registered as Officially "CVE-Compatible"
3. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
"CVE-2005-4900" Is SHA-1 Collision Attack "SHAttered"
Researchers have published a practical method for crafting a file that shares a valid
SHA-1 signature with another file. This vulnerability in SHA-1 was assigned CVE ID
"CVE-2005-4900" in 2016.
The vulnerability described in the new research is the same as the vulnerability
described in CVE-2005-4900, and this CVE ID can be used when referencing this
vulnerability.
For more information on the results of this additional research, visit
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html, or
http://shattered.io/.
LINKS:
CVE-2005-4900 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4900
Request CVE IDs -
https://cve.mitre.org/cve/request_id.html
CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#February232017_CVE_2005_4900_Is_SHA_1_Collision_Attack_SHAttered
---------------------------------------------------------------
1 Product from Avatares Foundation Now Registered as Officially "CVE-Compatible"
One additional cyber security product has achieved the final stage of MITRE's formal CVE
Compatibility Process and is now officially "CVE-Compatible." The product is now
eligible to use the CVE-Compatible Product/Service logo, and a completed and reviewed
"CVE Compatibility Requirements Evaluation" questionnaire is posted for the product as
part of the organization's listing on the CVE-Compatible Products and Services page on
the CVE website. A total of 152 products to date have been recognized as officially
compatible.
The following product is now registered as officially "CVE-Compatible":
* Avatares Foundation - Pandora-CSF
Use of the official CVE-Compatible logo will allow system administrators and other
security professionals to look for the logo when adopting vulnerability management
products and services for their enterprises, and the compatibility process questionnaire
will help end-users compare how different products and services satisfy the CVE
compatibility requirements, and therefore which specific implementations are best for
their networks and systems.
For additional information and to review all products and services listed, visit the
CVE-Compatible Products and Services section of the CVE website at
https://cve.mitre.org/compatible/index.html.
LINKS:
Avatares Foundation -
http://www.avatares.co
Pandora-CSF -
https://cve.mitre.org/compatible/questionnaires/172.html
Process -
https://cve.mitre.org/compatible/process.html
Requirements -
https://cve.mitre.org/compatible/requirements.html
CVE News page article -
https://cve.mitre.org/news/archives/2017/news.html#February232017_1_Product_from_Avatares_Foundation_Now_Registered_as_Officially_CVE_Compatible
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The
MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical
guidance to the CVE Board and CVE Numbering Authorities on all matters related to
ongoing development of CVE.
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the
following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the
message to: listserv@lists.mitre.org. To subscribe, send an email message to
listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE
CVE-Announce-List".
Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of
The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of
Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications)
at the U.S. Department of Homeland Security (www.dhs.gov).
For more information about CVE, visit the CVE website at https://cve.mitre.org or send
an email to cve@mitre.org.