List: oss-security
Subject: Re: [oss-security] CVE Request -- Zope/Plone -- Unspecified vulnerability in Zope v2.12.x and Zope v
From: Josh Bressers <bressers () redhat ! com>
Date: 2011-09-30 16:04:54
Message-ID: cec6ff3d-0bf8-4e07-9baa-0da4e1455238 () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
----- Original Message -----
> Hello Josh, Steve, vendors,
>
> Plone upstream has published a pre-announcement about a security
> flaw, present in Zope v2.12.x and Zope v2.13.x, which could allow
> execution of arbitrary code by anonymous users. An authenticated
> attacker could provide a specially-crafted web page, which once
> visited by an unsuspecting Zope user would lead to arbitrary command
> execution with the privileges of the Zope/Plone service.
>
> References:
> [1] http://plone.org/products/plone/security/advisories/20110928
> [2] http://secunia.com/advisories/46221/
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=742297
>
> Note: The vendor announced the final version of the advisory and
> the patch to be available at 2011-10-04 15:00 UTC at the
> following location:
> [4] http://plone.org/products/plone/security/advisories/20110928
>
Please use CVE-2011-3587 for this.
Thanks.
--
JB