CVE-2011-3587
Summary
| CVE | CVE-2011-3587 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-10-10 10:55:00 UTC |
| Updated | 2011-10-21 02:56:00 UTC |
| Description | Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Plone | Plone | 4.0 | All | All | All |
| Application | Plone | Plone | 4.0.1 | All | All | All |
| Application | Plone | Plone | 4.0.2 | All | All | All |
| Application | Plone | Plone | 4.0.3 | All | All | All |
| Application | Plone | Plone | 4.0.4 | All | All | All |
| Application | Plone | Plone | 4.0.5 | All | All | All |
| Application | Plone | Plone | 4.0.6.1 | All | All | All |
| Application | Plone | Plone | 4.0.7 | All | All | All |
| Application | Plone | Plone | 4.0.8 | All | All | All |
| Application | Plone | Plone | 4.0.9 | All | All | All |
| Application | Plone | Plone | 4.1 | All | All | All |
| Application | Plone | Plone | 4.2 | All | All | All |
| Application | Plone | Plone | 4.2a1 | All | All | All |
| Application | Plone | Plone | 4.2a2 | All | All | All |
| Application | Plone | Plone | 4.0 | All | All | All |
| Application | Plone | Plone | 4.0.1 | All | All | All |
| Application | Plone | Plone | 4.0.2 | All | All | All |
| Application | Plone | Plone | 4.0.3 | All | All | All |
| Application | Plone | Plone | 4.0.4 | All | All | All |
| Application | Plone | Plone | 4.0.5 | All | All | All |
| Application | Plone | Plone | 4.0.6.1 | All | All | All |
| Application | Plone | Plone | 4.0.7 | All | All | All |
| Application | Plone | Plone | 4.0.8 | All | All | All |
| Application | Plone | Plone | 4.0.9 | All | All | All |
| Application | Plone | Plone | 4.1 | All | All | All |
| Application | Plone | Plone | 4.2 | All | All | All |
| Application | Plone | Plone | 4.2a1 | All | All | All |
| Application | Plone | Plone | 4.2a2 | All | All | All |
| Application | Zope | Zope | 2.12.0 | All | All | All |
| Application | Zope | Zope | 2.12.0 | a1 | All | All |
| Application | Zope | Zope | 2.12.0 | a2 | All | All |
| Application | Zope | Zope | 2.12.0 | a3 | All | All |
| Application | Zope | Zope | 2.12.0 | a4 | All | All |
| Application | Zope | Zope | 2.12.0 | b1 | All | All |
| Application | Zope | Zope | 2.12.0 | b2 | All | All |
| Application | Zope | Zope | 2.12.0 | b3 | All | All |
| Application | Zope | Zope | 2.12.0 | b4 | All | All |
| Application | Zope | Zope | 2.12.1 | All | All | All |
| Application | Zope | Zope | 2.12.10 | All | All | All |
| Application | Zope | Zope | 2.12.11 | All | All | All |
| Application | Zope | Zope | 2.12.12 | All | All | All |
| Application | Zope | Zope | 2.12.13 | All | All | All |
| Application | Zope | Zope | 2.12.14 | All | All | All |
| Application | Zope | Zope | 2.12.15 | All | All | All |
| Application | Zope | Zope | 2.12.16 | All | All | All |
| Application | Zope | Zope | 2.12.17 | All | All | All |
| Application | Zope | Zope | 2.12.18 | All | All | All |
| Application | Zope | Zope | 2.12.19 | All | All | All |
| Application | Zope | Zope | 2.12.2 | All | All | All |
| Application | Zope | Zope | 2.12.20 | All | All | All |
| Application | Zope | Zope | 2.12.3 | All | All | All |
| Application | Zope | Zope | 2.12.4 | All | All | All |
| Application | Zope | Zope | 2.12.5 | All | All | All |
| Application | Zope | Zope | 2.12.6 | All | All | All |
| Application | Zope | Zope | 2.12.7 | All | All | All |
| Application | Zope | Zope | 2.12.8 | All | All | All |
| Application | Zope | Zope | 2.12.9 | All | All | All |
| Application | Zope | Zope | 2.13.0 | All | All | All |
| Application | Zope | Zope | 2.13.0 | a1 | All | All |
| Application | Zope | Zope | 2.13.0 | a2 | All | All |
| Application | Zope | Zope | 2.13.0 | a3 | All | All |
| Application | Zope | Zope | 2.13.0 | a4 | All | All |
| Application | Zope | Zope | 2.13.0 | b1 | All | All |
| Application | Zope | Zope | 2.13.0 | c1 | All | All |
| Application | Zope | Zope | 2.13.1 | All | All | All |
| Application | Zope | Zope | 2.13.10 | All | All | All |
| Application | Zope | Zope | 2.13.2 | All | All | All |
| Application | Zope | Zope | 2.13.3 | All | All | All |
| Application | Zope | Zope | 2.13.4 | All | All | All |
| Application | Zope | Zope | 2.13.5 | All | All | All |
| Application | Zope | Zope | 2.13.6 | All | All | All |
| Application | Zope | Zope | 2.13.7 | All | All | All |
| Application | Zope | Zope | 2.13.8 | All | All | All |
| Application | Zope | Zope | 2.13.9 | All | All | All |
| Application | Zope | Zope | 2.12.0 | All | All | All |
| Application | Zope | Zope | 2.12.0 | a1 | All | All |
| Application | Zope | Zope | 2.12.0 | a2 | All | All |
| Application | Zope | Zope | 2.12.0 | a3 | All | All |
| Application | Zope | Zope | 2.12.0 | a4 | All | All |
| Application | Zope | Zope | 2.12.0 | b1 | All | All |
| Application | Zope | Zope | 2.12.0 | b2 | All | All |
| Application | Zope | Zope | 2.12.0 | b3 | All | All |
| Application | Zope | Zope | 2.12.0 | b4 | All | All |
| Application | Zope | Zope | 2.12.1 | All | All | All |
| Application | Zope | Zope | 2.12.10 | All | All | All |
| Application | Zope | Zope | 2.12.11 | All | All | All |
| Application | Zope | Zope | 2.12.12 | All | All | All |
| Application | Zope | Zope | 2.12.13 | All | All | All |
| Application | Zope | Zope | 2.12.14 | All | All | All |
| Application | Zope | Zope | 2.12.15 | All | All | All |
| Application | Zope | Zope | 2.12.16 | All | All | All |
| Application | Zope | Zope | 2.12.17 | All | All | All |
| Application | Zope | Zope | 2.12.18 | All | All | All |
| Application | Zope | Zope | 2.12.19 | All | All | All |
| Application | Zope | Zope | 2.12.2 | All | All | All |
| Application | Zope | Zope | 2.12.20 | All | All | All |
| Application | Zope | Zope | 2.12.3 | All | All | All |
| Application | Zope | Zope | 2.12.4 | All | All | All |
| Application | Zope | Zope | 2.12.5 | All | All | All |
| Application | Zope | Zope | 2.12.6 | All | All | All |
| Application | Zope | Zope | 2.12.7 | All | All | All |
| Application | Zope | Zope | 2.12.8 | All | All | All |
| Application | Zope | Zope | 2.12.9 | All | All | All |
| Application | Zope | Zope | 2.13.0 | All | All | All |
| Application | Zope | Zope | 2.13.0 | a1 | All | All |
| Application | Zope | Zope | 2.13.0 | a2 | All | All |
| Application | Zope | Zope | 2.13.0 | a3 | All | All |
| Application | Zope | Zope | 2.13.0 | a4 | All | All |
| Application | Zope | Zope | 2.13.0 | b1 | All | All |
| Application | Zope | Zope | 2.13.0 | c1 | All | All |
| Application | Zope | Zope | 2.13.1 | All | All | All |
| Application | Zope | Zope | 2.13.10 | All | All | All |
| Application | Zope | Zope | 2.13.2 | All | All | All |
| Application | Zope | Zope | 2.13.3 | All | All | All |
| Application | Zope | Zope | 2.13.4 | All | All | All |
| Application | Zope | Zope | 2.13.5 | All | All | All |
| Application | Zope | Zope | 2.13.6 | All | All | All |
| Application | Zope | Zope | 2.13.7 | All | All | All |
| Application | Zope | Zope | 2.13.8 | All | All | All |
| Application | Zope | Zope | 2.13.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security vulnerability announcement: CVE 2011-3587 — The Zope 2 Application Server | CONFIRM | zope2.zope.org | Patch |
| Zope Unspecified Command Execution Vulnerability - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 742297 – (CVE-2011-3587) CVE-2011-3587 zope: Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution | CONFIRM | bugzilla.redhat.com | Patch |
| Products.PloneHotfix20110928 · PyPI | CONFIRM | pypi.python.org | Patch |
| Plone Two Vulnerabilities - Secunia.com | SECUNIA | secunia.com | |
| Plone Hotfix 20110928 — Plone CMS: Open Source Content Management | CONFIRM | plone.org | Patch |
| plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1... | CONFIRM | plone.org | Patch |
| Security vulnerability announcement: 20110928 - Arbitrary Code Execution — Plone CMS: Open Source Content Management | CONFIRM | plone.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 996725 Python (Pip) Security Update for zope2 (GHSA-8w48-m6hx-rjw2)