CVE-2006-20001 Why is this named 2006


Just for my culture: I always thought that CVE was named with this convention: CVE-YEAROFPUBLICATION-ID+1, meaning that the 1st CVE of 2024 would be named CVE-2024-0001, but this particular CVE is named 2006, however Published: 2023-01-17, Updated: 2023-09-08. It concerns Apache HTTP Server 2.4.54 and earlier (release of 2.4.54 is July 2022).

Thanks for my culture Lucas

I expected the CVE to be named CVE-2023-XXXXX

esqew On

The vulnerability was initially described in a 2006 publication, "The Art of Software Security Assessment", as mentioned on Apache's security vulnerabilities page; the table in which this is mentioned is reproduced below with my emphasis:

Described in first edition of "The Art of Software Security Assessment": 2006-10-31
Reported to security team: 2022-08-10
Update 2.4.55 released: 2023-01-17
Affects: <=2.4.54

This would correctly adhere to CVE's established nomenclature process (emphasis also mine):

CVE IDs have the following format:

CVE prefix + Year + Arbitrary Digits

The “Year” portion is the year that the CVE ID was reserved or the year the vulnerability was made public. The year portion is not used to indicate when the vulnerability was discovered.
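As an added illustration of the answer above (not part of the original post, and not code from the CVE Program or Apache): a small Python check that parses the ID format and orders records by publication date rather than by the year in the ID. The function names and the second and third sample records are constructed for this example; the four-or-more-digits rule is the current CVE ID syntax.

```python
import re
from datetime import date

# CVE prefix + Year + Arbitrary Digits (current syntax: four or more digits)
CVE_ID_RE = re.compile(r"CVE-(\d{4})-(\d{4,})")

def parse_cve_id(cve_id):
    """Return (year, sequence) or raise ValueError for a malformed ID."""
    m = CVE_ID_RE.fullmatch(cve_id.strip().upper())
    if not m:
        raise ValueError(f"not a valid CVE ID: {cve_id!r}")
    return int(m.group(1)), int(m.group(2))

def year_gap(cve_id, published):
    """Years between the ID's year portion and the publication date."""
    id_year, _ = parse_cve_id(cve_id)
    return published.year - id_year

def newest_first(records):
    """Order (cve_id, published) records by publish date, not by ID."""
    return sorted(records, key=lambda r: r[1], reverse=True)

def mismatched(records):
    """IDs whose year portion differs from the publication year."""
    return [cid for cid, pub in records if year_gap(cid, pub) != 0]

# First record uses the ID and date from the question; the others are
# constructed placeholders, not real CVE entries.
FEED = [
    ("CVE-2006-20001", date(2023, 1, 17)),
    ("CVE-2022-99990001", date(2022, 11, 2)),
    ("CVE-2021-99990002", date(2021, 6, 30)),
]

if __name__ == "__main__":
    for cid, pub in newest_first(FEED):
        print(f"{cid:20} published {pub}  gap {year_gap(cid, pub)} years")
    print("ID year differs from publish year:", mismatched(FEED))
```

Sorting this feed by ID string would rank CVE-2006-20001 as the oldest entry, while its publication date makes it the most recent, which is why patch-age triage should key on the published date.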