CVE-2011-2528 - Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plo

CVE-2011-2528

Summary

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

References

Vulnerable Configurations

cpe:2.3:a:plone:plone_hotfix_20110720:*:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone_hotfix_20110720:*:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*
cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 25-07-2011 - 04:00)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://plone.org/products/plone-hotfix/releases/20110622 http://plone.org/products/plone/security/advisories/20110622 https://bugzilla.redhat.com/show_bug.cgi?id=718824
mlist	[oss-security] 20110704 CVE request: plone privilege escalation flaw [oss-security] 20110712 Re: CVE request: plone privilege escalation flaw [zone-announce] 20110628 Security Hotfix 20110622 released
secunia	45056 45111

Last major update

25-07-2011 - 04:00

Published

19-07-2011 - 20:55

Last modified

25-07-2011 - 04:00