What is CVE-2011-3587?

CVE-2011-3587 is a vulnerability in Plone. Published 2011-10-10.

Is CVE-2011-3587 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Plone

CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of…

EPSS: 0.905 (99.6th percentile) — read the EPSS interpretation.

Affected products

Plone — versions 4.0, 4.0.1, 4.0.2
Zope — versions 2.12.0, 2.12.1, 2.12.2
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
46221 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
46323 (x_refsource_SECUNIA, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)

Frequently asked questions

What is CVE-2011-3587?: CVE-2011-3587 is a vulnerability in Plone. Published 2011-10-10.
Is CVE-2011-3587 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.