CVE-2012-5488

CVSS V2: Medium 5; CVSS V3: None
Description
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
Overview
  • CVE ID: CVE-2012-5488
  • Assigner: secalert@redhat.com
  • Vulnerability Status: Modified
  • Published Version: 2014-09-30T14:55:05
  • Last Modified Date: 2023-02-13T04:36:31
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:* 1 OR 4.2.2
cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
  • Base Score: 5
  • Severity: MEDIUM
  • Exploitability Score: 10
  • Impact Score: 2.9
History
Created | Old Value | New Value | Data Type | Notes
2022-05-10 10:29:54 | - | - | - | Added to TrackCVE
2022-12-02 01:09:21 | 2014-09-30T14:55Z | 2014-09-30T14:55:05 | CVE Published Date | updated
2022-12-02 01:09:21 | - | 2014-10-10T04:59:24 | CVE Modified Date | updated
2022-12-02 01:09:21 | - | Modified | Vulnerability Status | updated
2023-02-02 19:04:33 | - | 2023-02-02T18:16:24 | CVE Modified Date | updated
2023-02-02 19:04:33 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. | Description | updated
2023-02-02 19:04:34 | - | - | References | updated
2023-02-13 05:06:31 | - | 2023-02-13T04:36:31 | CVE Modified Date | updated
2023-02-13 05:06:31 | It was discovered that Plone, included as a part of luci, did not properly protect the privilege of running RestrictedPython scripts. A remote attacker could use a specially crafted URL that, when processed, would allow the attacker to submit and perform expensive computations or, in conjunction with other attacks, be able to access or alter privileged information. | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | Description | updated