CVE-2007-5741

Sažetak

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Reference

http://osvdb.org/42071
http://osvdb.org/42072
http://plone.org/about/security/advisories/cve-2007-5741
http://secunia.com/advisories/27530
http://secunia.com/advisories/27559
http://www.debian.org/security/2007/dsa-1405
http://www.securityfocus.com/archive/1/483343/100/0/threaded
http://www.securityfocus.com/bid/26354
http://www.vupen.com/english/advisories/2007/3754
https://exchange.xforce.ibmcloud.com/vulnerabilities/38288

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 21:46

Objavljeno

07-11-2007 - 21:46