ID CVE-2006-4247
Summary Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
References
Vulnerable Configurations
  • Plone 2.5
    cpe:2.3:a:plone:plone:2.5
  • cpe:2.3:a:plone:plone:2.5.1_rc
    cpe:2.3:a:plone:plone:2.5.1_rc
CVSS
Base: 6.4 (as of 02-10-2006 - 14:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
refmap via4
confirm http://plone.org/about/security/advisories/cve-2006-4247
Last major update 05-09-2008 - 17:09
Published 29-09-2006 - 15:07
Back to Top