Published: 30/09/2014 Updated: 01/10/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

at_download.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote malicious users to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
plone plone 4.3
plone plone
plone plone 4.2.1
plone plone 4.2.1.1
plone plone 4.2.0.1
plone plone 4.0.5
plone plone 4.0.4
plone plone 4.0.3
plone plone 4.0.2
plone plone 3.1.6
plone plone 3.1.5.1
plone plone 3.1.4
plone plone 3.1.3
plone plone 2.5.3
plone plone 2.5.2
plone plone 2.5.1
plone plone 2.5
plone plone 2.1.4
plone plone 1.0.4
plone plone 1.0.3
plone plone 1.0.2
plone plone 1.0.1
plone plone 4.2
plone plone 4.1.5
plone plone 4.1
plone plone 4.0
plone plone 3.3.4
plone plone 3.2.1
plone plone 3.1.7
plone plone 3.1.2
plone plone 3.1
plone plone 3.0
plone plone 2.5.4
plone plone 2.1.2
plone plone 2.1
plone plone 2.0.1
plone plone 1.0.6
plone plone 4.1.6
plone plone 3.3.3
plone plone 3.3.2
plone plone 3.3.1
plone plone 3.3
plone plone 3.2.3
plone plone 3.0.5
plone plone 3.0.4
plone plone 3.0.3
plone plone 3.0.2
plone plone 2.0.5
plone plone 2.0.4
plone plone 2.0.3
plone plone 2.0.2
plone plone 4.1.4
plone plone 4.0.6.1
plone plone 4.0.1
plone plone 3.3.5
plone plone 3.2.2
plone plone 3.2
plone plone 3.1.1
plone plone 3.0.6
plone plone 3.0.1
plone plone 2.5.5
plone plone 2.1.3
plone plone 2.1.1
plone plone 2.0
plone plone 1.0.5
plone plone 1.0

CWE-264 https://plone.org/products/plone-hotfix/releases/20121106 http://www.openwall.com/lists/oss-security/2012/11/10/1 https://plone.org/products/plone/security/advisories/20121106/17 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://nvd.nist.gov

CVE-2012-5501

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect