Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-5741
Last Modified: 07 Mar 2011 10:01:13
Published: 07 Nov 2007 04:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5741

Summary

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Vulnerable Systems

Application

  • Plone 2.5

  • Plone 2.5 Beta1

  • Plone 2.5.1

  • Plone 2.5.1 Rc

  • Plone 2.5.4

  • Plone 3.0

  • Plone 3.0.1

  • Plone 3.0.2


References

BID - 26354

BUGTRAQ - 20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix

SECUNIA - 27530

VUPEN - ADV-2007-3754

CONFIRM - http://plone.org/about/security/advisories/cve-2007-5741

OSVDB - 42072

OSVDB - 42071

XF - plone-pythoncode-execution(38288)

DEBIAN - DSA-1405

SECUNIA - 27559


Last Updated: 27 May 2016 10:46:16