CVE-2011-3587
Description
Zope Command Execution Vulnerability
Mitigations
Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=742297
Vendor advisory: secalert@redhat.com — http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/46221
Vendor advisory: secalert@redhat.com — http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
Vendor advisory: secalert@redhat.com — http://plone.org/products/plone/security/advisories/20110928
Vendor advisory: secalert@redhat.com — http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
Vendor advisory: secalert@redhat.com — http://plone.org/products/plone-hotfix/releases/20110928
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| plone | plone | 4.0 | |
| plone | plone | 4.0.1 | |
| plone | plone | 4.0.2 | |
| plone | plone | 4.0.3 | |
| plone | plone | 4.0.4 | |
| plone | plone | 4.0.5 | |
| plone | plone | 4.0.6.1 | |
| plone | plone | 4.0.7 | |
| plone | plone | 4.0.8 | |
| plone | plone | 4.0.9 | |
| plone | plone | 4.1 | |
| plone | plone | 4.2 | |
| plone | plone | 4.2a1 | |
| plone | plone | 4.2a2 | |
| zope | zope | 2.12.0 | |
| zope | zope | 2.12.1 | |
| zope | zope | 2.12.2 | |
| zope | zope | 2.12.3 | |
| zope | zope | 2.12.4 | |
| zope | zope | 2.12.5 | |
| zope | zope | 2.12.6 | |
| zope | zope | 2.12.7 | |
| zope | zope | 2.12.8 | |
| zope | zope | 2.12.9 | |
| zope | zope | 2.12.10 | |
| zope | zope | 2.12.11 | |
| zope | zope | 2.12.12 | |
| zope | zope | 2.12.13 | |
| zope | zope | 2.12.14 | |
| zope | zope | 2.12.15 | |
| zope | zope | 2.12.16 | |
| zope | zope | 2.12.17 | |
| zope | zope | 2.12.18 | |
| zope | zope | 2.12.19 | |
| zope | zope | 2.12.20 | |
| zope | zope | 2.13.0 | |
| zope | zope | 2.13.1 | |
| zope | zope | 2.13.2 | |
| zope | zope | 2.13.3 | |
| zope | zope | 2.13.4 | |
| zope | zope | 2.13.5 | |
| zope | zope | 2.13.6 | |
| zope | zope | 2.13.7 | |
| zope | zope | 2.13.8 | |
| zope | zope | 2.13.9 | |
| zope | zope | 2.13.10 | |
References
- http://plone.org/products/plone-hotfix/releases/20110928
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- http://plone.org/products/plone/security/advisories/20110928
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- http://secunia.com/advisories/46221
- http://secunia.com/advisories/46323
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
- https://bugzilla.redhat.com/show_bug.cgi?id=742297
- https://nvd.nist.gov/vuln/detail/CVE-2011-3587
- https://github.com/zopefoundation/Zope/commit/491a583d8c6622b80c75917e5017c4bb4b15e477
- https://github.com/zopefoundation/Zope/commit/6bb2fb3c04a76b00bec9bd7c069733e06fa6ebe9
- https://github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-26.yaml
- https://github.com/zopefoundation/Zope
- https://web.archive.org/web/20111013043934/http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587