Vulnerability-Lookup

CVE-2016-4043 (GCVE-0-2016-4043)

Vulnerability from cvelistv5 – Published: 2017-02-24 20:00 – Updated: 2024-08-06 00:17

Summary

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

PYSEC-2017-57

Vulnerability from pysec - Published: 2017-02-24 20:59 - Updated: 2021-07-25 23:34

Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Impacted products

Name	purl
plone	pkg:pypi/plone

Aliases

CVE-2016-4043

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "plone",
        "purl": "pkg:pypi/plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0rc1"
            },
            {
              "fixed": "5.1a2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "5.0",
        "5.0.1",
        "5.0.10",
        "5.0.2",
        "5.0.3",
        "5.0.4",
        "5.0.5",
        "5.0.6",
        "5.0.7",
        "5.0.8",
        "5.0.9",
        "5.0rc1",
        "5.0rc2",
        "5.0rc3",
        "5.1a1"
      ]
    }
  ],
  "aliases": [
    "CVE-2016-4043"
  ],
  "details": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.",
  "id": "PYSEC-2017-57",
  "modified": "2021-07-25T23:34:48.662249Z",
  "published": "2017-02-24T20:59:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
    }
  ]
}

CNVD-2016-02606

Vulnerability from cnvd - Published: 2016-04-26

Title

Plone安全绕过漏洞

Description

Plone是美国Plone基金会的一套建立在应用服务器（Zope）上的免费且开源的内容管理系统（CMS）。 Plone的five.pt文件中存在安全漏洞,攻击者可利用该漏洞以PloneFormGen模板编辑权限绕过受限制的Python。

Severity

中

Patch Name

Plone安全绕过漏洞的补丁

Patch Description

Plone是美国Plone基金会的一套建立在应用服务器（Zope）上的免费且开源的内容管理系统（CMS）。 Plone的five.pt文件中存在安全漏洞,攻击者可利用该漏洞以PloneFormGen模板编辑权限绕过受限制的Python。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://plone.org/security/20160419/bypass-restricted-python

Reference

https://plone.org/security/20160419/bypass-restricted-python https://plone.org/security/20160419/bypass-restricted-python

Impacted products

Name
Plone Plone

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-4043"
    }
  },
  "description": "Plone\u662f\u7f8e\u56fdPlone\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5efa\u7acb\u5728\u5e94\u7528\u670d\u52a1\u5668\uff08Zope\uff09\u4e0a\u7684\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nPlone\u7684five.pt\u6587\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e,\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5PloneFormGen\u6a21\u677f\u7f16\u8f91\u6743\u9650\u7ed5\u8fc7\u53d7\u9650\u5236\u7684Python\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://plone.org/security/20160419/bypass-restricted-python",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02606",
  "openTime": "2016-04-26",
  "patchDescription": "Plone\u662f\u7f8e\u56fdPlone\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u5efa\u7acb\u5728\u5e94\u7528\u670d\u52a1\u5668\uff08Zope\uff09\u4e0a\u7684\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nPlone\u7684five.pt\u6587\u4ef6\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e,\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5PloneFormGen\u6a21\u677f\u7f16\u8f91\u6743\u9650\u7ed5\u8fc7\u53d7\u9650\u5236\u7684Python\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Plone\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Plone Plone"
  },
  "referenceLink": "https://plone.org/security/20160419/bypass-restricted-python\thttps://plone.org/security/20160419/bypass-restricted-python",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-22",
  "title": "Plone\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

GHSA-6H8X-73FX-Q2H9

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2024-10-18 15:41

Summary

Chameleon in Plone allows Authentication Bypass

Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Severity ?

4.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0rc1"
            },
            {
              "last_affected": "5.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Plone"
      },
      "versions": [
        "5.1a1"
      ]
    }
  ],
  "aliases": [
    "CVE-2016-4043"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-31T21:08:39Z",
    "nvd_published_at": "2017-02-24T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.",
  "id": "GHSA-6h8x-73fx-q2h9",
  "modified": "2024-10-18T15:41:47Z",
  "published": "2022-05-17T02:57:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4043"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/plone/Plone"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-57.yaml"
    },
    {
      "type": "WEB",
      "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Chameleon in Plone allows Authentication Bypass"
}

FKIE_CVE-2016-4043

Vulnerability from fkie_nvd - Published: 2017-02-24 20:59 - Updated: 2025-04-20 01:37

Severity ?

4.9 (Medium) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Summary

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/04/20/3	Mailing List, Third Party Advisory
cve@mitre.org	https://plone.org/security/hotfix/20160419/bypass-restricted-python	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/04/20/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://plone.org/security/hotfix/20160419/bypass-restricted-python	Vendor Advisory

Impacted products

Vendor	Product	Version
plone	plone	5.0
plone	plone	5.0
plone	plone	5.0
plone	plone	5.0
plone	plone	5.0.1
plone	plone	5.0.2
plone	plone	5.0.3
plone	plone	5.0.4
plone	plone	5.1a1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8AF9FB6C-134F-4653-8771-1BF46AB39344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E22BA768-96DE-408F-8979-4CC58B50A09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "1672268D-2EFB-4D9E-99D4-AAEFEA659091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF74DD4-27BB-4881-B324-B53336EF0648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C6962EC-8398-4564-9840-AECB3E3D697D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D341D6-AB11-444F-88FD-22303D1E3F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A98F25E9-C852-458A-B6B9-656B81CC0D33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates."
    },
    {
      "lang": "es",
      "value": "Chameleon (five.pt) en Plone 5.0rc1 hasta la versi\u00f3n 5.1a1 permite a usuarios remotos autenticados eludir Restricted Python aprovechando permisos para crear y editar plantillas."
    }
  ],
  "id": "CVE-2016-4043",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-24T20:59:00.360",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-4043

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.

Aliases

CVE-2016-4043

Aliases

CVE-2016-4043

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-4043",
    "description": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.",
    "id": "GSD-2016-4043"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-4043"
      ],
      "details": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.",
      "id": "GSD-2016-4043",
      "modified": "2023-12-13T01:21:18.400896Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-4043",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
          },
          {
            "name": "https://plone.org/security/hotfix/20160419/bypass-restricted-python",
            "refsource": "CONFIRM",
            "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=5.0rc1,\u003c=5.1a1",
          "affected_versions": "All versions starting from 5.0rc1 up to 5.1a1",
          "cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2023-07-31",
          "description": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates.",
          "fixed_versions": [],
          "identifier": "CVE-2016-4043",
          "identifiers": [
            "GHSA-6h8x-73fx-q2h9",
            "CVE-2016-4043"
          ],
          "not_impacted": "",
          "package_slug": "pypi/Plone",
          "pubdate": "2022-05-17",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Chameleon in Plone allows Authentication Bypass",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-4043",
            "https://plone.org/security/hotfix/20160419/bypass-restricted-python",
            "http://www.openwall.com/lists/oss-security/2016/04/20/3",
            "https://github.com/advisories/GHSA-6h8x-73fx-q2h9"
          ],
          "uuid": "a9a1215a-0494-4972-812f-2e422b854a19"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-4043"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://plone.org/security/hotfix/20160419/bypass-restricted-python",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://plone.org/security/hotfix/20160419/bypass-restricted-python"
            },
            {
              "name": "[oss-security] 20160419 Re: CVE Request: Bypass Restricted Python - Plone",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/04/20/3"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-02-28T18:53Z",
      "publishedDate": "2017-02-24T20:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-4043 (GCVE-0-2016-4043)

PYSEC-2017-57

CNVD-2016-02606

GHSA-6H8X-73FX-Q2H9

FKIE_CVE-2016-4043

GSD-2016-4043

Tags

Sightings

Nomenclature