#VU44631 Input validation error in Zope - CVE-2011-3587
Published: October 10, 2011 / Updated: June 8, 2025
Vulnerability identifier: #VU44631
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2011-3587
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Zope
Zope
Software vendor:
Zope
Zope
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Remediation
Install update from vendor's website.
External links
- http://plone.org/products/plone/security/advisories/20110928
- http://plone.org/products/plone-hotfix/releases/20110928
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
- http://secunia.com/advisories/46221
- http://secunia.com/advisories/46323
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
- https://bugzilla.redhat.com/show_bug.cgi?id=742297