ID CVE-2011-0720
Summary Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
References
Vulnerable Configurations
  • Plone 2.5.5
    cpe:2.3:a:plone:plone:2.5.5
  • Plone 3.0.3
    cpe:2.3:a:plone:plone:3.0.3
  • Plone 2.5.4
    cpe:2.3:a:plone:plone:2.5.4
  • Plone 3.0.2
    cpe:2.3:a:plone:plone:3.0.2
  • Plone 3.0.1
    cpe:2.3:a:plone:plone:3.0.1
  • Plone 3.0.6
    cpe:2.3:a:plone:plone:3.0.6
  • Plone 3.1.3
    cpe:2.3:a:plone:plone:3.1.3
  • Plone 3.1.2
    cpe:2.3:a:plone:plone:3.1.2
  • Plone 3.1.4
    cpe:2.3:a:plone:plone:3.1.4
  • Plone 3.0.5
    cpe:2.3:a:plone:plone:3.0.5
  • Plone 3.1
    cpe:2.3:a:plone:plone:3.1
  • Plone 3.1.1
    cpe:2.3:a:plone:plone:3.1.1
  • Plone 3.1.6
    cpe:2.3:a:plone:plone:3.1.6
  • Plone 3.2
    cpe:2.3:a:plone:plone:3.2
  • Plone 3.1.5.1
    cpe:2.3:a:plone:plone:3.1.5.1
  • Plone 3.1.7
    cpe:2.3:a:plone:plone:3.1.7
  • Plone 3.2.1
    cpe:2.3:a:plone:plone:3.2.1
  • Plone 3.2.2
    cpe:2.3:a:plone:plone:3.2.2
  • Plone 3.3
    cpe:2.3:a:plone:plone:3.3
  • Plone 3.2.3
    cpe:2.3:a:plone:plone:3.2.3
  • Plone 3.3.1
    cpe:2.3:a:plone:plone:3.3.1
  • Plone 3.0.4
    cpe:2.3:a:plone:plone:3.0.4
  • Plone 3.3.3
    cpe:2.3:a:plone:plone:3.3.3
  • Plone 3.0
    cpe:2.3:a:plone:plone:3.0
  • Plone 2.5.3
    cpe:2.3:a:plone:plone:2.5.3
  • Plone 3.3.2
    cpe:2.3:a:plone:plone:3.3.2
  • Plone 2.5.2
    cpe:2.3:a:plone:plone:2.5.2
  • Plone 3.3.4
    cpe:2.3:a:plone:plone:3.3.4
  • Plone 2.5.1
    cpe:2.3:a:plone:plone:2.5.1
  • Plone 3.3.5
    cpe:2.3:a:plone:plone:3.3.5
  • Plone 2.5
    cpe:2.3:a:plone:plone:2.5
  • Plone 4.0
    cpe:2.3:a:plone:plone:4.0
  • cpe:2.3:a:redhat:luci
    cpe:2.3:a:redhat:luci
  • Red Hat Conga
    cpe:2.3:a:redhat:conga
CVSS
Base: 7.5 (as of 04-02-2011 - 11:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110328_CONGA_ON_SL4_X.NASL
    description The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ('service luci restart') for the update to take effect. SL 4x
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60996
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60996
    title Scientific Linux Security Update : conga on SL4.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_7C492EA2356611E08E810022190034C0.NASL
    description Plone developer reports : This is an escalation of privileges attack that can be used by anonymous users to gain access to a Plone site's administration controls, view unpublished content, create new content and modify a site's skin. The sandbox protecting access to the underlying system is still in place, and it does not grant access to other applications running on the same Zope instance.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 56079
    published 2011-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56079
    title FreeBSD : plone -- Remote Security Bypass (7c492ea2-3566-11e0-8e81-0022190034c0)
  • NASL family CGI abuses
    NASL id PLONE_AUTHENTICATION_BYPASS.NASL
    description The version of Plone on the remote host fails to require authentication to access several sensitive functions. Plone is built on top of Zope, which maps Python objects and their methods to URLs. Methods can have security restrictions, such as requiring a login account or a specific privilege level, applied to them to limit access. The installed version of Plone permits access to several methods that allow the adding, deleting, and changing content and users.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 53546
    published 2011-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53546
    title Plone Security Bypass
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-0394.NASL
    description Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ('service luci restart') for the update to take effect.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 63975
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63975
    title RHEL 5 : conga (RHSA-2011:0394)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110329_CONGA_ON_SL5_X.NASL
    description A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 60997
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60997
    title Scientific Linux Security Update : conga on SL5.x i386/x86_64
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-0394.NASL
    description Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ('service luci restart') for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 53504
    published 2011-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53504
    title CentOS 5 : conga (CESA-2011:0394)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-0394.NASL
    description From Red Hat Security Advisory 2011:0394 : Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ('service luci restart') for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 68240
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68240
    title Oracle Linux 5 : conga (ELSA-2011-0394)
redhat via4
advisories
  • bugzilla
    id 676961
    title CVE-2011-0720 plone: unauthorized remote administrative access
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment luci is earlier than 0:0.12.2-24.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110394004
        • comment luci is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070640003
      • AND
        • comment ricci is earlier than 0:0.12.2-24.el5_6.1
          oval oval:com.redhat.rhsa:tst:20110394002
        • comment ricci is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070640005
    rhsa
    id RHSA-2011:0394
    released 2011-03-28
    severity Important
    title RHSA-2011:0394: conga security update (Important)
  • rhsa
    id RHSA-2011:0393
rpms
  • luci-0:0.12.2-24.el5_6.1
  • ricci-0:0.12.2-24.el5_6.1
refmap via4
bid 46102
confirm http://plone.org/products/plone/security/advisories/cve-2011-0720
osvdb 70753
sectrack 1025258
secunia
  • 43146
  • 43914
vupen ADV-2011-0796
xf plone-unspec-priv-escalation(65099)
Last major update 29-04-2011 - 00:00
Published 03-02-2011 - 12:00
Last modified 16-08-2017 - 21:33
Back to Top