CVE-2006-4247
First published: Fri Sep 29 2006(Updated: )
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
Credit: security@debian.org security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Plone Plone | =2.5 | |
| Plone Plone | =2.5.1_rc | |
| pip/Plone | >=2.5<2.5.1 | 2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-4247?
The severity of CVE-2006-4247 is considered critical due to the ability for attackers to reset passwords of other users.
How do I fix CVE-2006-4247?
To mitigate CVE-2006-4247, upgrade the Plone Password Reset Tool to version 2.5.1 or later.
What versions of Plone are affected by CVE-2006-4247?
CVE-2006-4247 affects Plone versions 2.5 and 2.5.1 Release Candidate.
What type of vulnerability is CVE-2006-4247?
CVE-2006-4247 is classified as an authentication vulnerability, allowing unauthorized password resets.
Can CVE-2006-4247 be exploited remotely?
Yes, CVE-2006-4247 can be exploited remotely by attackers with access to the Password Reset Tool.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/softwarecombine
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-5hch-v5pq-x4qp
- alias/CVE-2006-4247
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- collector/nvd-cve
- source/NVD
- agent/trending
- agent/tags
- agent/source
- vendor/plone
- canonical/plone plone
- version/plone plone/2.5
- version/plone plone/2.5.1_rc
- package-manager/pip