Plone Unspecified Group Spoofing Vulnerability
BID:21460
Info
| Bugtraq ID: | 21460 |
| Class: | Design Error |
| CVE: | CVE-2006-4249 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2006 12:00AM |
| Updated: | Dec 07 2006 02:44AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | Plone Plone 2.5.1, Plone Plone 2.5 |
| Not Vulnerable: | |
Discussion
Plone is prone to a spoofing vulnerability due to an unspecified error.
An attacker can exploit this issue to spoof certain user data.
NOTE: This affects only sites that permit anonymous user registration.
Plone 2.5 and 2.5.1 are vulnerable.
Exploit / POC
An attacker can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor has released a hotfix to address this issue. Please see the references for more information.
Plone Plone 2.5
- Plone PloneHotFix20061031.tar.gz
  http://plone.org/products/plone-hotfix/releases/20061031/PloneHotFix20061031.tar.gz
Plone Plone 2.5.1
- Plone PloneHotFix20061031.tar.gz
  http://plone.org/products/plone-hotfix/releases/20061031/PloneHotFix20061031.tar.gz
References
References:
- Plone Homepage (Plone)
- Security: PlonePAS user/group fix (CVE-2006-4249) (Plone)