Home page logo

oss-sec logo oss-sec mailing list archives

CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 7 Nov 2012 06:43:58 -0500 (EST)

Hello Kurt, Steve, vendors,

  Plone upstream has issued 20121106 HotFix correcting
multiple security issues:
1) http://plone.org/products/plone/security/advisories/20121106/
2) http://plone.org/products/plone/security/advisories/20121106-announcement

Issues recapitulation (from 1) ):
a) Restricted Python injection
b) Reflexive HTTP header injection
c) Restricted Python sandbox escape
d) Restricted Python injection
e) Partial restricted Python sandbox escape
f) Reflexive XSS
g) Partial permissions bypass
h) Restricted Python sandbox escape
i) Reflexive XSS
j) Restricted Python injection
k) DoS through unsanitised inputs into Kupu
l) Anonymous users can list user account names
m) Partial denial of service through Collections functionality
n) Partial denial of service through internal function
o) Anonymous users can batch change titles of content items
p) Crafted URL allows downloading of BLOBs that are not visible to the user
q) Persistent XSS via filtering bypass
r) Users connected through FTP can list hidden folder contents
s) Persistent XSS
t) Attempting to access a view with no name returns an internal data structure
u) DoS through RSS on private folder
v) Timing attack in password validation
w) PRNG isn't reseeded
x) Form detail exposure

=> preliminary 24 CVE ids needed.

Could you allocate a CVE ids for these? Please take this post
as initial heads up for vendors regarding them. In subsequent
posts I will try to provide as much details about these as
possible (we to be able to determine how many of them in fact

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]