Home > Vulnerability Database > CVE-2011-3587

Mend.io Vulnerability Database

CVE-2011-3587

Good to know:

Date: October 10, 2011

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Language: Python

Severity Score

5.6

Related Resources (15)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=742297

Url: https://github.com/zopefoundation/Zope/commit/491a583d8c6622b80c75917e5017c4bb4b15e477

Url: http://plone.org/products/plone-hotfix/releases/20110928

Url: http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0

Url: http://plone.org/products/plone/security/advisories/20110928

Url: http://secunia.com/advisories/46323

Url: http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587

Url: https://github.com/zopefoundation/Zope

Url: http://secunia.com/advisories/46221

Url: https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-26.yaml

Url: https://github.com/zopefoundation/Zope/commit/6bb2fb3c04a76b00bec9bd7c069733e06fa6ebe9

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-3587

Url: https://web.archive.org/web/20111013043934/http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587

Url: http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip

Url: https://www.mend.io/vulnerability-database/CVE-2011-3587

Severity Score

5.6

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version zope2 - 2.12.20;zope2 - 2.13.10

Learn More

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	9.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-3587

Good to know:

Date: October 10, 2011

Language: Python

Severity Score

Related Resources (15)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?