Vulnerability Reporting Form - Text
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Version 1.0 October 1996 CERT(R) Coordination Center Product Vulnerability Reporting Form
If you know of a vulnerability in a product, please complete this form and return it to email@example.com. We aren't able to acknowledge each report we receive; however, if we have additional questions, we will contact you for further information.
We prefer that any vulnerability information you send to us be encrypted. We can support a shared DES key or PGP. Contact the CERT staff for more information.
The CERT PGP public key is available in http://www.cert.org/downloads/pgp/cert_pgp_key.asc.
Thanks, we appreciate your taking the time to report this vulnerability.
CONTACT INFORMATION =============================================================================== Let us know who you are: Name: E-mail: Phone/fax: Affiliation and address:
Have you reported this to the vendor? [yes/no]
If so, please let us know whom you've contacted: Date of your report: Vendor contact name: Vendor contact phone: Vendor contact e-mail: Vendor reference number:
If not, we encourage you to do so--vendors need to hear about vulnerabilities from you as a customer.
POLICY INFO =============================================================================== We encourage communication between vendors and their customers. When we forward a report to the vendor, we include the reporter's name and contact information unless you let us know otherwise.
If you want this report to remain anonymous, please check here: ___ Do not release my identity to your vendor contact.
TECHNICAL INFO =============================================================================== If there is a CERT Vulnerability tracking number please put it here (otherwise leave blank): VU#______.
Please describe the vulnerability.
What is the impact of this vulnerability?
(For example: local user can gain root/privileged access, intruders can create root-owned files, denial of service attack, etc.)
a) What is the specific impact: b) How would you envision it being used in an attack scenario:
To your knowledge is the vulnerability currently being exploited? [yes/no]
If there is an exploitation script available, please include it here.
Do you know what systems and/or configurations are vulnerable? [yes/no] (If yes, please list them below) System: OS version: Verified/Guessed:
Are you aware of any workarounds and/or fixes for this vulnerability? [yes/no] (If you have a workaround or are aware of patches please include the information here.)
OTHER INFORMATION =========================================================================== Is there anything else you would like to tell us?
-------- CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark office.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin) iQEcBAEBAgAGBQJINi3hAAoJEBBA4qoUwz9XG/4IALLp13AgEyqEsXp9janQpSU1 +dKtCSro8VM720y+knEQkRxgXuyS0SevM5MVBllTMeNGXPEopN+iEcm6XtNoJn9Q +iZkKWdUJmL/MKPV5HjB9+KHWL9mfHV5mouUPvbl4NtmxRnMGC0dIkkTnPyeNpPd NNhXIBvb9qO1ap+mCailRS28IcsVKpCORJR6RHk9EGGA5MBQ8qUGfU+OjiovP5pa 4GhqhG7vDHIZu3gQnGH2ycWV/q6xPfP671488QYUGUlNusdGK9zblZZqbstyl+Px QnkIFBpVA31D+1W1hO8rNnCQmR8RWECVGZ5m8NDmvwHrJyDkH0YYcDTwetrzmCo= =ELm9 -----END PGP SIGNATURE-----