CVE-2012-6661
medium
CVSS v3
—
CVSS v2
5.0
VIR risk
5.0
Description
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://plone.org/products/plone/security/advisories/20121106/24
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| plone | plone | {"endIncluding":"4.2.2"} | |
| plone | plone | 1.0 | |
| plone | plone | 1.0.1 | |
| plone | plone | 1.0.2 | |
| plone | plone | 1.0.3 | |
| plone | plone | 1.0.4 | |
| plone | plone | 1.0.5 | |
| plone | plone | 1.0.6 | |
| plone | plone | 2.0 | |
| plone | plone | 2.0.1 | |
| plone | plone | 2.0.2 | |
| plone | plone | 2.0.3 | |
| plone | plone | 2.0.4 | |
| plone | plone | 2.0.5 | |
| plone | plone | 2.1 | |
| plone | plone | 2.1.1 | |
| plone | plone | 2.1.2 | |
| plone | plone | 2.1.3 | |
| plone | plone | 2.1.4 | |
| plone | plone | 2.5 | |
| plone | plone | 2.5.1 | |
| plone | plone | 2.5.2 | |
| plone | plone | 2.5.3 | |
| plone | plone | 2.5.4 | |
| plone | plone | 2.5.5 | |
| plone | plone | 3.0 | |
| plone | plone | 3.0.1 | |
| plone | plone | 3.0.2 | |
| plone | plone | 3.0.3 | |
| plone | plone | 3.0.4 | |
| plone | plone | 3.0.5 | |
| plone | plone | 3.0.6 | |
| plone | plone | 3.1 | |
| plone | plone | 3.1.1 | |
| plone | plone | 3.1.2 | |
| plone | plone | 3.1.3 | |
| plone | plone | 3.1.4 | |
| plone | plone | 3.1.5.1 | |
| plone | plone | 3.1.6 | |
| plone | plone | 3.1.7 | |
| plone | plone | 3.2 | |
| plone | plone | 3.2.1 | |
| plone | plone | 3.2.2 | |
| plone | plone | 3.2.3 | |
| plone | plone | 3.3 | |
| plone | plone | 3.3.1 | |
| plone | plone | 3.3.2 | |
| plone | plone | 3.3.3 | |
| plone | plone | 3.3.4 | |
| plone | plone | 3.3.5 | |
| plone | plone | 4.0 | |
| plone | plone | 4.0.1 | |
| plone | plone | 4.0.2 | |
| plone | plone | 4.0.3 | |
| plone | plone | 4.0.4 | |
| plone | plone | 4.0.5 | |
| plone | plone | 4.0.6.1 | |
| plone | plone | 4.1 | |
| plone | plone | 4.1.4 | |
| plone | plone | 4.1.5 | |
| plone | plone | 4.1.6 | |
| plone | plone | 4.2 | |
| plone | plone | 4.2.1 | |
| plone | plone | 4.3 | |
| zope | zope | {"endIncluding":"2.13.18"} | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-6661
- https://bugs.launchpad.net/zope2/+bug/1071067
- https://github.com/advisories/GHSA-48vv-2pmq-9fvv
- https://github.com/plone/Products.CMFPlone
- https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
- https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2014-51.yaml
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2014-76.yaml
- https://plone.org/products/plone-hotfix/releases/20121124
- https://plone.org/products/plone/security/advisories/20121106/24
- http://www.openwall.com/lists/oss-security/2012/11/10/1
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.