Lucene search

GoogleOSV:GHSA-PCWM-8JC3-QXVJ

HistoryJul 23, 2018 - 7:50 p.m.

Plone Denial of Service vulnerability

2018-07-2319:50:52

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%

JSON

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CPENameOperatorVersion
ploneeq4.0a2
ploneeq3.3rc5
ploneeq4.0.1
ploneeq4.0b5
ploneeq3.2a1
ploneeq4.1a2
ploneeq4.0a3
ploneeq4.1a3
ploneeq3.2.2
ploneeq3.3rc4

Name	Operator	Version
plone	eq	4.0a2
plone	eq	3.3rc5
plone	eq	4.0.1
plone	eq	4.0b5
plone	eq	3.2a1
plone	eq	4.1a2
plone	eq	4.0a3
plone	eq	4.1a3
plone	eq	3.2.2
plone	eq	3.3rc4

Rows per page:

1-10 of 521

References

archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

secunia.com/advisories/47406

www.kb.cert.org/vuls/id/903934

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

exchange.xforce.ibmcloud.com/vulnerabilities/72018

github.com/advisories/GHSA-pcwm-8jc3-qxvj

github.com/plone/plone

nvd.nist.gov/vuln/detail/CVE-2011-4462

6.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%

JSON

Related for OSV:GHSA-PCWM-8JC3-QXVJ