CERT-SEI

Vulnerability Reporting Form - Text

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Version 1.0
October 1996
            CERT(R) Coordination Center
        Product Vulnerability Reporting Form
If you know of a vulnerability in a product, please complete this form and return it to
cert@cert.org. We aren't able to acknowledge each report we receive; however, if we
have additional questions, we will contact you for further information.
We prefer that any vulnerability information you send to us be encrypted. We can
support a shared DES key or PGP. Contact the CERT staff for more information.
The CERT PGP public key is available in http://www.cert.org/downloads/pgp/cert_pgp_key.asc.
Thanks, we appreciate your taking the time to report this vulnerability.

CONTACT INFORMATION
===============================================================================
Let us know who you are:
    Name:
    E-mail:
    Phone/fax:
    Affiliation and address:
Have you reported this to the vendor? [yes/no]
If so, please let us know whom you've contacted:
    Date of your report:
    Vendor contact name:
    Vendor contact phone:
    Vendor contact e-mail:
    Vendor reference number:
If not, we encourage you to do so--vendors need to hear about vulnerabilities
from you as a customer.
POLICY INFO
===============================================================================
We encourage communication between vendors and their customers. When we forward
a report to the vendor, we include the reporter's name and contact
information unless you let us know otherwise.
If you want this report to remain anonymous, please check here:
    ___ Do not release my identity to your vendor contact.
TECHNICAL INFO
===============================================================================
If there is a CERT Vulnerability tracking number please put it here (otherwise
leave blank): VU#______.
Please describe the vulnerability.
What is the impact of this vulnerability?
(For example: local user can gain root/privileged access, intruders can create root-owned files, denial of service attack, etc.)
 a) What is the specific impact:
b) How would you envision it being used in an attack scenario:
To your knowledge is the vulnerability currently being exploited?
    [yes/no]
If there is an exploitation script available, please include it here.
Do you know what systems and/or configurations are vulnerable?
    [yes/no] (If yes, please list them below)
    System:
    OS version:
    Verified/Guessed:
Are you aware of any workarounds and/or fixes for this vulnerability?
    [yes/no] (If you have a workaround or are aware of patches
    please include the information here.)
OTHER INFORMATION
===========================================================================
Is there anything else you would like to tell us?

 

 

--------
CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark office.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iQEcBAEBAgAGBQJINi3hAAoJEBBA4qoUwz9XG/4IALLp13AgEyqEsXp9janQpSU1
+dKtCSro8VM720y+knEQkRxgXuyS0SevM5MVBllTMeNGXPEopN+iEcm6XtNoJn9Q
+iZkKWdUJmL/MKPV5HjB9+KHWL9mfHV5mouUPvbl4NtmxRnMGC0dIkkTnPyeNpPd
NNhXIBvb9qO1ap+mCailRS28IcsVKpCORJR6RHk9EGGA5MBQ8qUGfU+OjiovP5pa
4GhqhG7vDHIZu3gQnGH2ycWV/q6xPfP671488QYUGUlNusdGK9zblZZqbstyl+Px
QnkIFBpVA31D+1W1hO8rNnCQmR8RWECVGZ5m8NDmvwHrJyDkH0YYcDTwetrzmCo=
=ELm9
-----END PGP SIGNATURE-----

Get More Information About Reporting Vulnerabilities