Lucene search

PRIOn knowledge basePRION:CVE-2012-5498

HistorySep 30, 2014 - 2:55 p.m.

Cross site request forgery (csrf)

2014-09-3014:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

90.0%

JSON

queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.

CPENameOperatorVersion
ploneeq3.3
ploneeq1.0
ploneeq4.2 a1
ploneeq4.0.5
ploneeq3.0.1
ploneeq1.0.3
ploneeq3.0
ploneeq3.2.3
ploneeq3.1.4
ploneeq3.1.5.1

Name	Operator	Version
plone	eq	3.3
plone	eq	1.0
plone	eq	4.2 a1
plone	eq	4.0.5
plone	eq	3.0.1
plone	eq	1.0.3
plone	eq	3.0
plone	eq	3.2.3
plone	eq	3.1.4
plone	eq	3.1.5.1

Rows per page:

1-10 of 721

References

rhn.redhat.com/errata/RHSA-2014-1194.html

www.openwall.com/lists/oss-security/2012/11/09/7

www.openwall.com/lists/oss-security/2012/11/10/1

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/14