Input validation error in Zope - CVE-2011-3587


Published: October 10, 2011 / Updated: June 8, 2025


Vulnerability identifier: #VU44631
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2011-3587
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Zope
Affected software: Zope

Detailed vulnerability description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code.

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.


How to mitigate CVE-2011-3587

Install the update from the vendor's website.
