Vulnerability Description
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Plone | Plone | 4.0 |
| Zope | Zope | 2.12.0 |
References
- http://plone.org/products/plone-hotfix/releases/20110928Patch
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0Patch
- http://plone.org/products/plone/security/advisories/20110928PatchVendor Advisory
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0Patch
- http://secunia.com/advisories/46221Vendor Advisory
- http://secunia.com/advisories/46323
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587Patch
- https://bugzilla.redhat.com/show_bug.cgi?id=742297Patch
- http://plone.org/products/plone-hotfix/releases/20110928Patch
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0Patch
- http://plone.org/products/plone/security/advisories/20110928PatchVendor Advisory
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0Patch
- http://secunia.com/advisories/46221Vendor Advisory
- http://secunia.com/advisories/46323
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587Patch
FAQ
What is CVE-2011-3587?
CVE-2011-3587 is a vulnerability with a CVSS score of 9.3 (HIGH). Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the ...
How severe is CVE-2011-3587?
CVE-2011-3587 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-3587?
Check the references section above for vendor advisories and patch information. Affected products include: Plone Plone, Zope Zope.