CVE-2011-3587
First published: Thu Sep 29 2011(Updated: )
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the `p_` class in `OFS/misc_.py` and the use of Python modules.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/zope2 | >=2.13.0<2.13.10 | 2.13.10 |
| pip/zope2 | >=2.12.0<2.12.20 | 2.12.20 |
| Plone Plone | =4.0 | |
| Plone Plone | =4.0.1 | |
| Plone Plone | =4.0.2 | |
| Plone Plone | =4.0.3 | |
| Plone Plone | =4.0.4 | |
| Plone Plone | =4.0.5 | |
| Plone Plone | =4.0.6.1 | |
| Plone Plone | =4.0.7 | |
| Plone Plone | =4.0.8 | |
| Plone Plone | =4.0.9 | |
| Plone Plone | =4.1 | |
| Plone Plone | =4.2 | |
| Plone Plone | =4.2a1 | |
| Plone Plone | =4.2a2 | |
| Zope Zope | =2.12.0 | |
| Zope Zope | =2.12.0-a1 | |
| Zope Zope | =2.12.0-a2 | |
| Zope Zope | =2.12.0-a3 | |
| Zope Zope | =2.12.0-a4 | |
| Zope Zope | =2.12.0-b1 | |
| Zope Zope | =2.12.0-b2 | |
| Zope Zope | =2.12.0-b3 | |
| Zope Zope | =2.12.0-b4 | |
| Zope Zope | =2.12.1 | |
| Zope Zope | =2.12.2 | |
| Zope Zope | =2.12.3 | |
| Zope Zope | =2.12.4 | |
| Zope Zope | =2.12.5 | |
| Zope Zope | =2.12.6 | |
| Zope Zope | =2.12.7 | |
| Zope Zope | =2.12.8 | |
| Zope Zope | =2.12.9 | |
| Zope Zope | =2.12.10 | |
| Zope Zope | =2.12.11 | |
| Zope Zope | =2.12.12 | |
| Zope Zope | =2.12.13 | |
| Zope Zope | =2.12.14 | |
| Zope Zope | =2.12.15 | |
| Zope Zope | =2.12.16 | |
| Zope Zope | =2.12.17 | |
| Zope Zope | =2.12.18 | |
| Zope Zope | =2.12.19 | |
| Zope Zope | =2.12.20 | |
| Zope Zope | =2.13.0 | |
| Zope Zope | =2.13.0-a1 | |
| Zope Zope | =2.13.0-a2 | |
| Zope Zope | =2.13.0-a3 | |
| Zope Zope | =2.13.0-a4 | |
| Zope Zope | =2.13.0-b1 | |
| Zope Zope | =2.13.0-c1 | |
| Zope Zope | =2.13.1 | |
| Zope Zope | =2.13.2 | |
| Zope Zope | =2.13.3 | |
| Zope Zope | =2.13.4 | |
| Zope Zope | =2.13.5 | |
| Zope Zope | =2.13.6 | |
| Zope Zope | =2.13.7 | |
| Zope Zope | =2.13.8 | |
| Zope Zope | =2.13.9 | |
| Zope Zope | =2.13.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=742297
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- http://plone.org/products/plone/security/advisories/20110928
- http://secunia.com/advisories/46221
- http://plone.org/products/plone-hotfix/releases/20110928
- http://secunia.com/advisories/46323
- http://secunia.com/advisories/46221/
- http://www.openwall.com/lists/oss-security/2011/09/29/9
- https://access.redhat.com/security/cve/CVE-2011-3587
- http://www.openwall.com/lists/oss-security/2011/09/30/7
- https://nvd.nist.gov/vuln/detail/CVE-2011-3587
- https://github.com/zopefoundation/Zope/commit/491a583d8c6622b80c75917e5017c4bb4b15e477
- https://github.com/zopefoundation/Zope/commit/6bb2fb3c04a76b00bec9bd7c069733e06fa6ebe9
- https://web.archive.org/web/20111013043934/http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
- https://github.com/advisories/GHSA-8w48-m6hx-rjw2 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-26.yaml
- collector/nvd-historical
- collector/nvd-index
- agent/remedy
- agent/first-publish-date
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3587
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/github-advisory
- source/GitHub
- alias/GHSA-8w48-m6hx-rjw2
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/github-advisory-latest
- vendor/zope
- canonical/zope zope
- version/zope zope/2.13.10
- vendor/plone
- canonical/plone plone
- version/plone plone/4.2a1
- version/zope zope/2.12.0-a2
- version/zope zope/2.12.11
- version/zope zope/2.12.9
- version/zope zope/2.12.8
- version/plone plone/4.0.5
- version/zope zope/2.13.0-a3
- version/zope zope/2.12.16
- version/zope zope/2.13.0-c1
- version/zope zope/2.12.10
- version/zope zope/2.13.9
- version/zope zope/2.12.3
- version/zope zope/2.12.12
- version/plone plone/4.0.2
- version/zope zope/2.13.0-b1
- version/zope zope/2.13.0
- version/zope zope/2.12.17
- version/zope zope/2.12.19
- version/zope zope/2.12.14
- version/zope zope/2.12.15
- version/plone plone/4.0.8
- version/zope zope/2.12.0
- version/plone plone/4.0.7
- version/plone plone/4.0.4
- version/zope zope/2.12.0-b1
- version/zope zope/2.12.5
- version/zope zope/2.12.0-a4
- version/zope zope/2.12.0-a1
- version/plone plone/4.0.9
- version/zope zope/2.13.7
- version/plone plone/4.1
- version/zope zope/2.12.18
- version/zope zope/2.13.2
- version/zope zope/2.13.4
- version/zope zope/2.13.1
- version/zope zope/2.12.6
- version/zope zope/2.12.2
- version/zope zope/2.13.0-a2
- version/zope zope/2.12.0-b2
- version/zope zope/2.12.20
- version/plone plone/4.0
- version/zope zope/2.13.8
- version/plone plone/4.0.6.1
- version/zope zope/2.12.0-a3
- version/zope zope/2.13.0-a1
- version/zope zope/2.12.0-b3
- version/zope zope/2.13.3
- version/zope zope/2.13.5
- version/zope zope/2.12.7
- version/zope zope/2.13.0-a4
- version/plone plone/4.0.1
- version/zope zope/2.12.4
- version/zope zope/2.13.6
- version/zope zope/2.12.0-b4
- version/plone plone/4.0.3
- version/plone plone/4.2a2
- version/zope zope/2.12.1
- version/plone plone/4.2
- version/zope zope/2.12.13
- package-manager/pip