Lucene search

[email protected]CVE-2012-5507

HistorySep 30, 2014 - 2:55 p.m.

CVE-2012-5507

2014-09-3014:55:00

CWE-362

[email protected]

web.nvd.nist.gov

cve

accesscontrol

authencoding

zope

plone

remote attack

password

timing discrepancies

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

CPENameOperatorVersion
zope:zopezopeeq2.8.8
zope:zopezopeeq2.10.8
zope:zopezopeeq2.7.0
zope:zopezopeeq2.11.1
zope:zopezopeeq2.11.3
zope:zopezopeeq2.9.2
zope:zopezopeeq2.7.6
zope:zopezopeeq2.9.4
zope:zopezopeeq2.9.5
zope:zopezopeeq2.7.5

CPE	Name	Operator	Version
zope:zope	zope	eq	2.8.8
zope:zope	zope	eq	2.10.8
zope:zope	zope	eq	2.7.0
zope:zope	zope	eq	2.11.1
zope:zope	zope	eq	2.11.3
zope:zope	zope	eq	2.9.2
zope:zope	zope	eq	2.7.6
zope:zope	zope	eq	2.9.4
zope:zope	zope	eq	2.9.5
zope:zope	zope	eq	2.7.5

Rows per page:

1-10 of 931

References

www.openwall.com/lists/oss-security/2012/11/10/1

bugs.launchpad.net/zope2/+bug/1071067

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/23

6.8 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2012-5507

cvelist1 osv3 prion1 github1