Lucene search

PRIOn knowledge basePRION:CVE-2007-5741

HistoryNov 07, 2007 - 9:46 p.m.

Code injection

2007-11-0721:46:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

CPENameOperatorVersion
ploneeq2.5.0-beta1
ploneeq3.0.1
ploneeq3.0
ploneeq2.5.4
ploneeq2.5.1
ploneeq2.5
ploneeq2.5.1-rc
ploneeq3.0.2

Name	Operator	Version
plone	eq	2.5.0-beta1
plone	eq	3.0.1
plone	eq	3.0
plone	eq	2.5.4
plone	eq	2.5.1
plone	eq	2.5
plone	eq	2.5.1-rc
plone	eq	3.0.2

References

osvdb.org/42071

osvdb.org/42072

plone.org/about/security/advisories/cve-2007-5741

secunia.com/advisories/27530

secunia.com/advisories/27559

www.debian.org/security/2007/dsa-1405

www.securityfocus.com/archive/1/483343/100/0/threaded

www.securityfocus.com/bid/26354

www.vupen.com/english/advisories/2007/3754

exchange.xforce.ibmcloud.com/vulnerabilities/38288

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.2%

JSON

Related for PRION:CVE-2007-5741