CVE-2011-3587

Sažetak

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Reference

http://plone.org/products/plone/security/advisories/20110928
http://plone.org/products/plone-hotfix/releases/20110928
http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
http://secunia.com/advisories/46221
http://secunia.com/advisories/46323
http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
https://bugzilla.redhat.com/show_bug.cgi?id=742297

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

21-10-2011 - 02:56

Objavljeno

10-10-2011 - 10:55