cvelistv5 - CVE-2007-5741

CVE-2007-5741 (GCVE-0-2007-5741)

Vulnerability from cvelistv5 – Published: 2007-11-07 21:00 – Updated: 2024-08-07 15:39

Summary

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/42071	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/26354	vdb-entryx_refsource_BID
	http://secunia.com/advisories/27559	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/27530	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/483343/100…	mailing-listx_refsource_BUGTRAQ
	http://www.debian.org/security/2007/dsa-1405	vendor-advisoryx_refsource_DEBIAN
	http://www.vupen.com/english/advisories/2007/3754	vdb-entryx_refsource_VUPEN
	http://plone.org/about/security/advisories/cve-20…	x_refsource_CONFIRM
	http://osvdb.org/42072	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "plone-pythoncode-execution(38288)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
          },
          {
            "name": "42071",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42071"
          },
          {
            "name": "26354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26354"
          },
          {
            "name": "27559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27559"
          },
          {
            "name": "27530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27530"
          },
          {
            "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
          },
          {
            "name": "DSA-1405",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1405"
          },
          {
            "name": "ADV-2007-3754",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/about/security/advisories/cve-2007-5741"
          },
          {
            "name": "42072",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "plone-pythoncode-execution(38288)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
        },
        {
          "name": "42071",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42071"
        },
        {
          "name": "26354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26354"
        },
        {
          "name": "27559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27559"
        },
        {
          "name": "27530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27530"
        },
        {
          "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
        },
        {
          "name": "DSA-1405",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1405"
        },
        {
          "name": "ADV-2007-3754",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/about/security/advisories/cve-2007-5741"
        },
        {
          "name": "42072",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "plone-pythoncode-execution(38288)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
            },
            {
              "name": "42071",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42071"
            },
            {
              "name": "26354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26354"
            },
            {
              "name": "27559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27559"
            },
            {
              "name": "27530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27530"
            },
            {
              "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
            },
            {
              "name": "DSA-1405",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1405"
            },
            {
              "name": "ADV-2007-3754",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3754"
            },
            {
              "name": "http://plone.org/about/security/advisories/cve-2007-5741",
              "refsource": "CONFIRM",
              "url": "http://plone.org/about/security/advisories/cve-2007-5741"
            },
            {
              "name": "42072",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5741",
    "datePublished": "2007-11-07T21:00:00",
    "dateReserved": "2007-10-31T00:00:00",
    "dateUpdated": "2024-08-07T15:39:13.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9762C674-380B-4831-BBA1-3B27742121B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D938645-80CE-4287-830E-A3BD0C5C84FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C01E0884-D0A4-4511-AD4B-DBB09CB8080E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B60568E-A688-46AF-B627-062A029A7324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C577B46C-7692-4B6F-B487-A28F73D403F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B647E76-E8B8-4329-8848-3B90EB262807\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D0A6B8F-4018-44DC-9862-45309619DC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F10374F-2BB3-48D2-B19F-9B2D038A8E35\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.\"}, {\"lang\": \"es\", \"value\": \"Plone 2.5 hasta 2.5.4 y 3.0 hasta 3.0.2 permite a atacantes remotos ejecutar c\\u00f3digo Python de su elecci\\u00f3n mediante informaci\\u00f3n de red que contiene objetos \\\"serializados\\\" (pickled) para los m\\u00f3dulos (1) statusmessages o (2) linkintegrity, los cuales son \\\"deserializados\\\" (unpickled) y ejecutados.\"}]",
      "id": "CVE-2007-5741",
      "lastModified": "2024-11-21T00:38:35.690",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2007-11-07T21:46:00.000",
      "references": "[{\"url\": \"http://osvdb.org/42071\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/42072\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://plone.org/about/security/advisories/cve-2007-5741\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27530\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27559\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1405\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483343/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/26354\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3754\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38288\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/42071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/42072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://plone.org/about/security/advisories/cve-2007-5741\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/27559\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/483343/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/26354\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3754\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/38288\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4.\", \"lastModified\": \"2007-11-08T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5741\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-11-07T21:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.\"},{\"lang\":\"es\",\"value\":\"Plone 2.5 hasta 2.5.4 y 3.0 hasta 3.0.2 permite a atacantes remotos ejecutar c\u00f3digo Python de su elecci\u00f3n mediante informaci\u00f3n de red que contiene objetos \\\"serializados\\\" (pickled) para los m\u00f3dulos (1) statusmessages o (2) linkintegrity, los cuales son \\\"deserializados\\\" (unpickled) y ejecutados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9762C674-380B-4831-BBA1-3B27742121B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D938645-80CE-4287-830E-A3BD0C5C84FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C01E0884-D0A4-4511-AD4B-DBB09CB8080E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B60568E-A688-46AF-B627-062A029A7324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C577B46C-7692-4B6F-B487-A28F73D403F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B647E76-E8B8-4329-8848-3B90EB262807\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0A6B8F-4018-44DC-9862-45309619DC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F10374F-2BB3-48D2-B19F-9B2D038A8E35\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/42071\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/42072\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://plone.org/about/security/advisories/cve-2007-5741\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27530\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27559\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1405\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/483343/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/26354\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3754\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38288\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/42071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/42072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://plone.org/about/security/advisories/cve-2007-5741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/27559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/483343/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26354\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/3754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38288\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4.\",\"lastModified\":\"2007-11-08T00:00:00\"}]}}"
  }
}

PYSEC-2007-4

Vulnerability from pysec - Published: 2007-11-07 21:46 - Updated: 2024-11-25 18:35

Details

Impacted products

Name	purl
plone		plone

Aliases

CVE-2007-5741

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5"
            },
            {
              "fixed": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-5741"
  ],
  "details": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.",
  "id": "PYSEC-2007-4",
  "modified": "2024-11-25T18:35:18.357593Z",
  "published": "2007-11-07T21:46:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    },
    {
      "type": "FIX",
      "url": "http://www.securityfocus.com/bid/26354"
    },
    {
      "type": "FIX",
      "url": "http://secunia.com/advisories/27530"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/27530"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2007/dsa-1405"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/27559"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/42072"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/42071"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2007/3754"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
    }
  ]
}

GSD-2007-5741

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5741

Aliases

CVE-2007-5741

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5741",
    "description": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.",
    "id": "GSD-2007-5741",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5741.html",
      "https://www.debian.org/security/2007/dsa-1405"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5741"
      ],
      "details": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.",
      "id": "GSD-2007-5741",
      "modified": "2023-12-13T01:21:40.585346Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5741",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "plone-pythoncode-execution(38288)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
          },
          {
            "name": "42071",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/42071"
          },
          {
            "name": "26354",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26354"
          },
          {
            "name": "27559",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27559"
          },
          {
            "name": "27530",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27530"
          },
          {
            "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
          },
          {
            "name": "DSA-1405",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1405"
          },
          {
            "name": "ADV-2007-3754",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3754"
          },
          {
            "name": "http://plone.org/about/security/advisories/cve-2007-5741",
            "refsource": "CONFIRM",
            "url": "http://plone.org/about/security/advisories/cve-2007-5741"
          },
          {
            "name": "42072",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/42072"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5741"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://plone.org/about/security/advisories/cve-2007-5741",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://plone.org/about/security/advisories/cve-2007-5741"
            },
            {
              "name": "26354",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/26354"
            },
            {
              "name": "27530",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27530"
            },
            {
              "name": "DSA-1405",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1405"
            },
            {
              "name": "27559",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27559"
            },
            {
              "name": "42072",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/42072"
            },
            {
              "name": "42071",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/42071"
            },
            {
              "name": "ADV-2007-3754",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3754"
            },
            {
              "name": "plone-pythoncode-execution(38288)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
            },
            {
              "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-15T21:46Z",
      "publishedDate": "2007-11-07T21:46Z"
    }
  }
}

CERTA-2007-AVI-482

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans deux composants de Plone permet d'exécuter du code Python à distance.

Description

Une vulnérabilité a été découverte dans les composants statusmessages et linkintegrity du logiciel de gestion de contenu Plone. Des données réseau spécifiquement constituées peuvent être interprétées par Plone comme des Python pickles (mécanisme permettant de transposer un objet Python en chaîne de caractères et inversement), permettant ainsi d'exécuter du code Python dans le contexte de Zope/Plone.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Plone versions 2.5.4 et antérieures ;
	N/A	N/A	Plone versions 3.0.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Plone du 06 novembre 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Plone versions 2.5.4 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Plone versions 3.0.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les composants statusmessages et\nlinkintegrity du logiciel de gestion de contenu Plone. Des donn\u00e9es\nr\u00e9seau sp\u00e9cifiquement constitu\u00e9es peuvent \u00eatre interpr\u00e9t\u00e9es par Plone\ncomme des Python pickles (m\u00e9canisme permettant de transposer un objet\nPython en cha\u00eene de caract\u00e8res et inversement), permettant ainsi\nd\u0027ex\u00e9cuter du code Python dans le contexte de Zope/Plone.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5741"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-482",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans deux composants de \u003cspan\nclass=\"textit\"\u003ePlone\u003c/span\u003e permet d\u0027ex\u00e9cuter du code Python \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Plone du 06 novembre 2007",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    }
  ]
}

CERTA-2007-AVI-482

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans deux composants de Plone permet d'exécuter du code Python à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Plone versions 2.5.4 et antérieures ;
	N/A	N/A	Plone versions 3.0.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Plone du 06 novembre 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Plone versions 2.5.4 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Plone versions 3.0.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les composants statusmessages et\nlinkintegrity du logiciel de gestion de contenu Plone. Des donn\u00e9es\nr\u00e9seau sp\u00e9cifiquement constitu\u00e9es peuvent \u00eatre interpr\u00e9t\u00e9es par Plone\ncomme des Python pickles (m\u00e9canisme permettant de transposer un objet\nPython en cha\u00eene de caract\u00e8res et inversement), permettant ainsi\nd\u0027ex\u00e9cuter du code Python dans le contexte de Zope/Plone.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5741"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-482",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans deux composants de \u003cspan\nclass=\"textit\"\u003ePlone\u003c/span\u003e permet d\u0027ex\u00e9cuter du code Python \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Plone",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Plone du 06 novembre 2007",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    }
  ]
}

GHSA-HF26-VVMX-X8C8

Vulnerability from github – Published: 2022-05-01 18:36 – Updated: 2024-11-26 16:50

Summary

Plone Arbitrary Code Execution via Unsafe Handling of Pickles

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.5.4"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5"
            },
            {
              "fixed": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.0.2"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0"
            },
            {
              "fixed": "3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2007-5741"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-22T21:57:47Z",
    "nvd_published_at": "2007-11-07T21:46:00Z",
    "severity": "CRITICAL"
  },
  "details": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.",
  "id": "GHSA-hf26-vvmx-x8c8",
  "modified": "2024-11-26T16:50:13Z",
  "published": "2022-05-01T18:36:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5741"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/plone/Plone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1405"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Plone Arbitrary Code Execution via Unsafe Handling of Pickles"
}

FKIE_CVE-2007-5741

Vulnerability from fkie_nvd - Published: 2007-11-07 21:46 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/42071
cve@mitre.org	http://osvdb.org/42072
cve@mitre.org	http://plone.org/about/security/advisories/cve-2007-5741
cve@mitre.org	http://secunia.com/advisories/27530	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27559
cve@mitre.org	http://www.debian.org/security/2007/dsa-1405
cve@mitre.org	http://www.securityfocus.com/archive/1/483343/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/26354	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3754
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/42071
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/42072
af854a3a-2127-422b-91ae-364da2661108	http://plone.org/about/security/advisories/cve-2007-5741
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27530	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27559
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1405
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/483343/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26354	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3754
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38288

Impacted products

Vendor	Product	Version
plone	plone	2.5
plone	plone	2.5.1
plone	plone	2.5.1_rc
plone	plone	2.5.4
plone	plone	2.5_beta1
plone	plone	3.0
plone	plone	3.0.1
plone	plone	3.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*",
              "matchCriteriaId": "C01E0884-D0A4-4511-AD4B-DBB09CB8080E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C577B46C-7692-4B6F-B487-A28F73D403F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
    },
    {
      "lang": "es",
      "value": "Plone 2.5 hasta 2.5.4 y 3.0 hasta 3.0.2 permite a atacantes remotos ejecutar c\u00f3digo Python de su elecci\u00f3n mediante informaci\u00f3n de red que contiene objetos \"serializados\" (pickled) para los m\u00f3dulos (1) statusmessages o (2) linkintegrity, los cuales son \"deserializados\" (unpickled) y ejecutados."
    }
  ],
  "id": "CVE-2007-5741",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-07T21:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42071"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/42072"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27530"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27559"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1405"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26354"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3754"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://plone.org/about/security/advisories/cve-2007-5741"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1405"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3754"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4.",
      "lastModified": "2007-11-08T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5741 (GCVE-0-2007-5741)

PYSEC-2007-4

GSD-2007-5741

CERTA-2007-AVI-482

Description

Solution

CERTA-2007-AVI-482

Description

Solution

GHSA-HF26-VVMX-X8C8

FKIE_CVE-2007-5741

Tags

Sightings

Nomenclature