CVE-2012-5489
https://notcve.org/view.php?id=CVE-2012-5489
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. La función App.Undo.UndoSupport.get_request_var_or_attr en Zope anterior a 2.12.21 y 3.13.x anterior a 2.13.11, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a usuarios remotos autenticados ganar el acceso a atributos restringidos a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://bugs.launchpad.net/zope2/+bug/1079238 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/05 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5501
https://notcve.org/view.php?id=CVE-2012-5501
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. at_download.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer BLOBs arbitrarios (ficheros y imágenes) almacenados en tipos de contenidos personalizados a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/17 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-5486 – (Plone): Reflexive HTTP header injection
https://notcve.org/view.php?id=CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. ZPublisher.HTTPRequest._scrubHeader en Zope 2 anterior a 2.13.19, utilizado en Plone anterior a 4.3 beta 1, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a través de un caracter 'linefeed' (LF). It was discovered that Plone, included as a part of luci, did not properly sanitize HTTP headers provided within certain URL requests. • http://rhn.redhat.com/errata/RHSA-2014-1194.html http://www.openwall.com/lists/oss-security/2012/11/10/1 https://bugs.launchpad.net/zope2/+bug/930812 https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/02 https://access.redhat.com/security/cve/CVE-2012-5486 https://bugzilla.redhat.com/show_bug.cgi?id=878939 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVE-2012-5499 – (Plone): Partial denial of service through internal function
https://notcve.org/view.php?id=CVE-2012-5499
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de un valor grande, relacionado con formatColumns. It was discovered that Plone, included as a part of luci, did not properly handle the processing of very large values passed to an internal utility function. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive memory consumption. • http://rhn.redhat.com/errata/RHSA-2014-1194.html http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/15 https://access.redhat.com/security/cve/CVE-2012-5499 https://bugzilla.redhat.com/show_bug.cgi?id=874657 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2012-5488 – (Plone): Restricted Python injection
https://notcve.org/view.php?id=CVE-2012-5488
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar código Python a través de una URL manipulada, relacionado con createObject. It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. • http://rhn.redhat.com/errata/RHSA-2014-1194.html http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/04 https://access.redhat.com/security/cve/CVE-2012-5488 https://bugzilla.redhat.com/show_bug.cgi?id=878945 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •