ID CVE-2006-4247
Summary Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*
    cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 05-09-2008 - 21:09)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
confirm http://plone.org/about/security/advisories/cve-2006-4247
Last major update 05-09-2008 - 21:09
Published 29-09-2006 - 19:07
Last modified 05-09-2008 - 21:09
Back to Top