Executive Summary

Information
Name: CVE-2007-5741
First vendor publication: 2007-11-07
Vendor: Cve
Last vendor modification: 2018-10-15

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score: 7.5
Attack Range: Network
Cvss Impact Score: 6.4
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5741

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:20033
Title: DSA-1405-1 zope-cmfplone - arbitrary code
Description: It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
Family: unix
Class: patch
Reference(s): DSA-1405-1, CVE-2007-5741
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): zope-cmfplone
Definition Synopsis:

Definition Id: oval:org.mitre.oval:def:20398
Title: DSA-1405-2 zope-cmfplone - arbitrary code
Description: It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
Family: unix
Class: patch
Reference(s): DSA-1405-2, CVE-2007-5741
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): zope-cmfplone
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 8

OpenVAS Exploits

Date Description
2008-09-04 Name : FreeBSD Ports: plone
File : nvt/freebsd_plone2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1405-1 (zope-cmfplone)
File : nvt/deb_1405_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1405-2 (zope-cmfplone)
File : nvt/deb_1405_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 1405-3 (zope-cmfplone)
File : nvt/deb_1405_3.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
42072 Plone statusmessages Modules Pickled Object Arbitrary Python Code Execution

42071 Plone linkintegrity Modules Pickled Object Arbitrary Python Code Execution

Nessus® Vulnerability Scanner

Date Description
2007-11-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1405.nasl - Type : ACT_GATHER_INFO
2007-11-12 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ffba6ab090b511dc9835003048705d5a.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/26354
BUGTRAQ http://www.securityfocus.com/archive/1/483343/100/0/threaded
CONFIRM http://plone.org/about/security/advisories/cve-2007-5741
DEBIAN http://www.debian.org/security/2007/dsa-1405
OSVDB http://osvdb.org/42071
http://osvdb.org/42072
SECUNIA http://secunia.com/advisories/27530
http://secunia.com/advisories/27559
VUPEN http://www.vupen.com/english/advisories/2007/3754
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/38288

Alert History

Date Information
2021-05-04 12:06:36
  • Multiple Updates
2021-04-22 01:07:08
  • Multiple Updates
2020-05-23 00:20:42
  • Multiple Updates
2018-10-16 00:19:19
  • Multiple Updates
2017-07-29 12:02:39
  • Multiple Updates
2016-06-28 17:01:56
  • Multiple Updates
2016-04-26 16:45:58
  • Multiple Updates
2014-02-17 10:42:25
  • Multiple Updates
2013-05-11 10:40:46
  • Multiple Updates