CVE-2007-5741 (GCVE-0-2007-5741)

Vulnerability from cvelistv5 – Published: 2007-11-08 02:00 – Updated: 2024-08-07 15:39
VLAI?
Summary
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://osvdb.org/42071 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/26354 vdb-entryx_refsource_BID
http://secunia.com/advisories/27559 third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/27530 third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/483343/100… mailing-listx_refsource_BUGTRAQ
http://www.debian.org/security/2007/dsa-1405 vendor-advisoryx_refsource_DEBIAN
http://www.vupen.com/english/advisories/2007/3754 vdb-entryx_refsource_VUPEN
http://plone.org/about/security/advisories/cve-20… x_refsource_CONFIRM
http://osvdb.org/42072 vdb-entryx_refsource_OSVDB
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:39:13.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "plone-pythoncode-execution(38288)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
          },
          {
            "name": "42071",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42071"
          },
          {
            "name": "26354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26354"
          },
          {
            "name": "27559",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27559"
          },
          {
            "name": "27530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27530"
          },
          {
            "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
          },
          {
            "name": "DSA-1405",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1405"
          },
          {
            "name": "ADV-2007-3754",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/about/security/advisories/cve-2007-5741"
          },
          {
            "name": "42072",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42072"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T00:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "plone-pythoncode-execution(38288)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
        },
        {
          "name": "42071",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42071"
        },
        {
          "name": "26354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26354"
        },
        {
          "name": "27559",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27559"
        },
        {
          "name": "27530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27530"
        },
        {
          "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
        },
        {
          "name": "DSA-1405",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1405"
        },
        {
          "name": "ADV-2007-3754",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/about/security/advisories/cve-2007-5741"
        },
        {
          "name": "42072",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42072"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5741",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "plone-pythoncode-execution(38288)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38288"
            },
            {
              "name": "42071",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42071"
            },
            {
              "name": "26354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26354"
            },
            {
              "name": "27559",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27559"
            },
            {
              "name": "27530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27530"
            },
            {
              "name": "20071106 [CVE-2007-5741] Plone: statusmessages and linkintegrity unsafe network data hotfix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/483343/100/0/threaded"
            },
            {
              "name": "DSA-1405",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1405"
            },
            {
              "name": "ADV-2007-3754",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3754"
            },
            {
              "name": "http://plone.org/about/security/advisories/cve-2007-5741",
              "refsource": "CONFIRM",
              "url": "http://plone.org/about/security/advisories/cve-2007-5741"
            },
            {
              "name": "42072",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42072"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5741",
    "datePublished": "2007-11-08T02:00:00.000Z",
    "dateReserved": "2007-10-31T04:00:00.000Z",
    "dateUpdated": "2024-08-07T15:39:13.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.