Lucene search

PRIOn knowledge basePRION:CVE-2011-4462

HistoryDec 30, 2011 - 1:55 a.m.

Code injection

2011-12-3001:55:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%

JSON

Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

CPENameOperatorVersion
plonele4.1.3
ploneeq3.3
ploneeq1.0
ploneeq4.0.5
ploneeq3.0.1
ploneeq1.0.3
ploneeq3.0
ploneeq3.2.3
ploneeq3.1.4
ploneeq3.1.5.1

Name	Operator	Version
plone	le	4.1.3
plone	eq	3.3
plone	eq	1.0
plone	eq	4.0.5
plone	eq	3.0.1
plone	eq	1.0.3
plone	eq	3.0
plone	eq	3.2.3
plone	eq	3.1.4
plone	eq	3.1.5.1

Rows per page:

1-10 of 621

References

archives.neohapsis.com/archives/bugtraq/2011-12/0181.html

secunia.com/advisories/47406

www.kb.cert.org/vuls/id/903934

www.nruns.com/_downloads/advisory28122011.pdf

www.ocert.org/advisories/ocert-2011-003.html

exchange.xforce.ibmcloud.com/vulnerabilities/72018

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.019 Low

EPSS

Percentile

88.1%

JSON

Related for PRION:CVE-2011-4462