ID CVE-2011-0720
Summary Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:conga:*:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:luci:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 676961
    title CVE-2011-0720 plone: unauthorized remote administrative access
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment luci is earlier than 0:0.12.2-24.el5_6.1
            oval oval:com.redhat.rhsa:tst:20110394001
          • comment luci is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20070331002
        • AND
          • comment ricci is earlier than 0:0.12.2-24.el5_6.1
            oval oval:com.redhat.rhsa:tst:20110394003
          • comment ricci is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhba:tst:20070331004
    rhsa
    id RHSA-2011:0394
    released 2011-03-28
    severity Important
    title RHSA-2011:0394: conga security update (Important)
  • rhsa
    id RHSA-2011:0393
rpms
  • conga-debuginfo-0:0.11.2-4.el4.2
  • luci-0:0.11.2-4.el4.2
  • ricci-0:0.11.2-4.el4.2
  • conga-debuginfo-0:0.12.2-24.el5_6.1
  • luci-0:0.12.2-24.el5_6.1
  • ricci-0:0.12.2-24.el5_6.1
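The OVAL criteria above say, in effect: a RHEL 5 host is affected if it has a Red Hat-signed luci or ricci package whose epoch:version-release is earlier than 0:0.12.2-24.el5_6.1. Getting "earlier than" right requires RPM's segment-wise version comparison, not a string compare (otherwise "24.el5_6.1" vs "24.el5" or "1.10" vs "1.9" go wrong). The following is an added example, not Red Hat's OVAL tooling or any code from this page: it reimplements rpmvercmp and EVR comparison in Python and evaluates the advisory's criteria over a constructed inventory dict. The inventory shape (`rhel`, `pkgs`, `evr`, `signed_redhat`) and the `is_affected` helper are assumptions made for the illustration.

```python
import re

# Fixed EVRs from RHSA-2011:0394 (RHEL 5). Other products/branches need their own table.
FIXED_EVR = {
    "luci": "0:0.12.2-24.el5_6.1",
    "ricci": "0:0.12.2-24.el5_6.1",
}

_SEG = re.compile(r"(\d+|[a-zA-Z]+|~)")


def parse_evr(evr):
    """Split 'epoch:version-release' into (epoch, version, release).
    A missing epoch is 0; a missing release is the empty string."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
    if "-" in evr:
        version, release = evr.rsplit("-", 1)
    else:
        version, release = evr, ""
    return int(epoch), version, release


def rpmvercmp(a, b):
    """Reimplementation of RPM's rpmvercmp: returns -1, 0 or 1.
    Strings are split into numeric, alphabetic and '~' segments; numeric
    segments compare as integers, alphabetic ones lexically, a numeric
    segment beats an alphabetic one, and '~' sorts before anything."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)          # int() drops leading zeros
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit():
            return 1
        elif y.isdigit():
            return -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    # All shared segments equal: the longer string is newer, unless its
    # next segment is '~' (e.g. "1.0~rc1" is older than "1.0").
    a_longer = len(sa) > len(sb)
    nxt = (sa if a_longer else sb)[min(len(sa), len(sb))]
    if nxt == "~":
        return -1 if a_longer else 1
    return 1 if a_longer else -1


def evrcmp(a, b):
    """Compare two EVR strings the way rpm does: epoch, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(inventory, fixed=FIXED_EVR, rhel_major=5):
    """Evaluate the advisory's criteria: RHEL <rhel_major> AND (any listed
    package is Red Hat-signed AND older than its fixed EVR).
    Returns the names of packages that still need the update."""
    if inventory.get("rhel") != rhel_major:
        return []
    vulnerable = []
    for name, fixed_evr in fixed.items():
        pkg = inventory.get("pkgs", {}).get(name)
        if pkg is None:
            continue
        # The signature check mirrors the OVAL tree: unsigned/third-party
        # builds are not covered by this advisory's version table.
        if pkg.get("signed_redhat") and evrcmp(pkg["evr"], fixed_evr) < 0:
            vulnerable.append(name)
    return vulnerable


# Constructed sample inventory (not real host data): luci is behind, ricci is fixed.
SAMPLE_INVENTORY = {
    "rhel": 5,
    "pkgs": {
        "luci": {"evr": "0:0.12.2-12.el5", "signed_redhat": True},
        "ricci": {"evr": "0:0.12.2-24.el5_6.1", "signed_redhat": True},
    },
}

if __name__ == "__main__":
    print(is_affected(SAMPLE_INVENTORY))
```

On a live host the EVR strings would come from `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' luci ricci` (an `(none)` epoch is treated as 0) and the signature state from `rpm -q --qf '%{SIGPGP:pgpsig}\n'`; the comparison logic is what the OVAL "is earlier than" test encodes and is the part people most often get wrong when they script their own checks.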
refmap via4
bid 46102
confirm http://plone.org/products/plone/security/advisories/cve-2011-0720
osvdb 70753
sectrack 1025258
secunia
  • 43146
  • 43914
vupen ADV-2011-0796
xf plone-unspec-priv-escalation(65099)
Last major update 17-08-2017 - 01:33
Published 03-02-2011 - 17:00
Last modified 17-08-2017 - 01:33