Vulnerability Name: CVE-2007-5741 (CCN-38288)
Assigned: 2007-11-06
Published: 2007-11-06
Updated: 2018-10-15
Summary: Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-94
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Tue Nov 06 2007 - 12:08:25 CST [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix
  Source: MITRE Type: CNA CVE-2007-5741
  Source: OSVDB Type: UNKNOWN 42071
  Source: OSVDB Type: UNKNOWN 42072
  Source: CCN Type: Plone Security Advisory CVE-2007-5741: unsafe data interpreted as pickles
  Source: CONFIRM Type: UNKNOWN http://plone.org/about/security/advisories/cve-2007-5741
  Source: CCN Type: Plone Web site Plone Hotfix 20071106
  Source: CCN Type: SA27530 Plone "statusmessages" and "linkintegrity" Modules Code Execution
  Source: SECUNIA Type: Patch, Vendor Advisory 27530
  Source: SECUNIA Type: UNKNOWN 27559
  Source: DEBIAN Type: UNKNOWN DSA-1405
  Source: DEBIAN Type: DSA-1405 zope-cmfplone -- missing input sanitising
  Source: CCN Type: OSVDB ID: 42071 Plone linkintegrity Modules Pickled Object Arbitrary Python Code Execution
  Source: CCN Type: OSVDB ID: 42072 Plone statusmessages Modules Pickled Object Arbitrary Python Code Execution
  Source: BUGTRAQ Type: UNKNOWN 20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix
  Source: BID Type: Patch 26354
  Source: CCN Type: BID-26354 Plone Multiple Modules Script Execution Vulnerabilities
  Source: VUPEN Type: UNKNOWN ADV-2007-3754
  Source: XF Type: UNKNOWN plone-pythoncode-execution(38288)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: