Lucene search

PRIOn knowledge basePRION:CVE-2012-5507

HistorySep 30, 2014 - 2:55 p.m.

Input validation

2014-09-3014:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

CPENameOperatorVersion
ploneeq3.3
ploneeq1.0
ploneeq4.2 a1
ploneeq4.0.5
ploneeq3.0.1
ploneeq1.0.3
ploneeq3.0
ploneeq3.2.3
ploneeq3.1.4
ploneeq3.1.5.1

Name	Operator	Version
plone	eq	3.3
plone	eq	1.0
plone	eq	4.2 a1
plone	eq	4.0.5
plone	eq	3.0.1
plone	eq	1.0.3
plone	eq	3.0
plone	eq	3.2.3
plone	eq	3.1.4
plone	eq	3.1.5.1

Rows per page:

1-10 of 991

References

www.openwall.com/lists/oss-security/2012/11/10/1

bugs.launchpad.net/zope2/+bug/1071067

github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

plone.org/products/plone-hotfix/releases/20121106

plone.org/products/plone/security/advisories/20121106/23

7.2 High

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

Related for PRION:CVE-2012-5507