Lucene search

[email protected]CVE-2015-7315

HistorySep 25, 2017 - 5:29 p.m.

CVE-2015-7315

2017-09-2517:29:00

CWE-284

[email protected]

web.nvd.nist.gov

plone

cve-2015-7315

remote attackers

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.

Affected configurations

NVD

Node

ploneploneMatch3.3

ploneploneMatch3.3.1

ploneploneMatch3.3.2

ploneploneMatch3.3.3

ploneploneMatch3.3.4

ploneploneMatch3.3.5

ploneploneMatch3.3.6

ploneploneMatch4.0

ploneploneMatch4.0.1

ploneploneMatch4.0.2

ploneploneMatch4.0.3

ploneploneMatch4.0.4

ploneploneMatch4.0.5

ploneploneMatch4.0.7

ploneploneMatch4.0.8

ploneploneMatch4.0.9

ploneploneMatch4.0.10

ploneploneMatch4.1

ploneploneMatch4.1.1

ploneploneMatch4.1.2

ploneploneMatch4.1.3

ploneploneMatch4.1.4

ploneploneMatch4.1.5

ploneploneMatch4.1.6

ploneploneMatch4.2

ploneploneMatch4.2.1

ploneploneMatch4.2.2

ploneploneMatch4.2.3

ploneploneMatch4.2.4

ploneploneMatch4.2.5

ploneploneMatch4.2.6

ploneploneMatch4.2.7

ploneploneMatch4.3

ploneploneMatch4.3.1

ploneploneMatch4.3.2

ploneploneMatch4.3.3

ploneploneMatch4.3.4

ploneploneMatch4.3.5

ploneploneMatch4.3.6

ploneploneMatch5.0rc1

CPENameOperatorVersion
plone:ploneploneeq3.3
plone:ploneploneeq3.3.1
plone:ploneploneeq3.3.2
plone:ploneploneeq3.3.3
plone:ploneploneeq3.3.4
plone:ploneploneeq3.3.5
plone:ploneploneeq3.3.6
plone:ploneploneeq4.0
plone:ploneploneeq4.0.1
plone:ploneploneeq4.0.2

CPE	Name	Operator	Version
plone:plone	plone	eq	3.3
plone:plone	plone	eq	3.3.1
plone:plone	plone	eq	3.3.2
plone:plone	plone	eq	3.3.3
plone:plone	plone	eq	3.3.4
plone:plone	plone	eq	3.3.5
plone:plone	plone	eq	3.3.6
plone:plone	plone	eq	4.0
plone:plone	plone	eq	4.0.1
plone:plone	plone	eq	4.0.2

Rows per page:

1-10 of 401

References

www.openwall.com/lists/oss-security/2015/09/22/13

bugzilla.redhat.com/show_bug.cgi?id=1264791

github.com/zopefoundation/Products.CMFCore/commit/e1d981bfa14b664317285f0f36498f4be4a23406

plone.org/security/hotfix/20150910/anonymous-is-able-to-create-plone-members

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2015-7315

osv2 nvd1 cvelist1 github1 prion1 nessus2