Skip to main content

Zope CVE-2012-5507

MEDIUM
Race Condition (CWE-362)
2014-09-30 secalert@redhat.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:N/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 30, 2014 - 14:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

AnalysisAI

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Technical ContextAI

This vulnerability is classified under CWE-362. AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. Affected products include: Zope, Plone. Version information: before 2.13.19.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Zope

View all
CVE-2021-32633 HIGH POC
8.8 May 21

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitabl

CVE-2023-42458 MEDIUM POC
5.4 Sep 21

Zope is an open-source web application server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploita

CVE-2012-6661 MEDIUM POC
5.0 Nov 03

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number gener

CVE-2021-32674 HIGH
8.8 Jun 08

Zope is an open-source web application server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitabl

CVE-2023-41050 HIGH
7.7 Sep 06

AccessControl provides a general security framework for use in Zope. Rated high severity (CVSS 7.7), this vulnerability

CVE-2021-32811 HIGH
7.2 Aug 02

Zope is an open-source web application server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitabl

CVE-2012-5489 MEDIUM
6.5 Sep 30

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in P

CVE-2012-5486 MEDIUM
6.4 Sep 30

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attacker

CVE-2021-33507 MEDIUM
6.1 May 21

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and ot

CVE-2023-44389 MEDIUM
4.8 Oct 04

Zope is an open-source web application server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploita

Share

CVE-2012-5507 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy