ID CVE-2011-3587
Summary Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.19:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.12.20:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.13.10:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 21-10-2011 - 02:56)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
d2sec via4
name Plone RCE
url http://www.d2sec.com/exploits/plone_rce.html
refmap via4
confirm
secunia
  • 46221
  • 46323
saint via4
bid 49857
description Plone Zope SAXutils Command Execution
osvdb 76105
title plone_zope_saxutils_cmd_exec
type remote
Last major update 21-10-2011 - 02:56
Published 10-10-2011 - 10:55
Last modified 21-10-2011 - 02:56