CVE-2012-5507 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Affected Products (NVD)

Vendor	Product	Version
zope	zope	2.5.1
zope	zope	2.6.1
zope	zope	2.6.4
zope	zope	2.7.0
zope	zope	2.7.3
zope	zope	2.7.4
zope	zope	2.7.5
zope	zope	2.7.6
zope	zope	2.7.7
zope	zope	2.7.8
zope	zope	2.8.1
zope	zope	2.8.4
zope	zope	2.8.6
zope	zope	2.8.8
zope	zope	2.9.2
zope	zope	2.9.3
zope	zope	2.9.4
zope	zope	2.9.5
zope	zope	2.9.6
zope	zope	2.9.7
zope	zope	2.10.3
zope	zope	2.10.8
zope	zope	2.11.0
zope	zope	2.11.1
zope	zope	2.11.2
zope	zope	2.11.3
zope	zope	2.13.18
plone	plone	𝑥 ≤ 4.2.2
plone	plone	1.0
plone	plone	1.0.1
plone	plone	1.0.2
plone	plone	1.0.3
plone	plone	1.0.4
plone	plone	1.0.5
plone	plone	1.0.6
plone	plone	2.0
plone	plone	2.0.1
plone	plone	2.0.2
plone	plone	2.0.3
plone	plone	2.0.4
plone	plone	2.0.5
plone	plone	2.1
plone	plone	2.1.1
plone	plone	2.1.2
plone	plone	2.1.3
plone	plone	2.1.4
plone	plone	2.5
plone	plone	2.5.1
plone	plone	2.5.2
plone	plone	2.5.3
plone	plone	2.5.4
plone	plone	2.5.5
plone	plone	3.0
plone	plone	3.0.1
plone	plone	3.0.2
plone	plone	3.0.3
plone	plone	3.0.4
plone	plone	3.0.5
plone	plone	3.0.6
plone	plone	3.1
plone	plone	3.1.1
plone	plone	3.1.2
plone	plone	3.1.3
plone	plone	3.1.4
plone	plone	3.1.5.1
plone	plone	3.1.6
plone	plone	3.1.7
plone	plone	3.2
plone	plone	3.2.1
plone	plone	3.2.2
plone	plone	3.2.3
plone	plone	3.3
plone	plone	3.3.1
plone	plone	3.3.2
plone	plone	3.3.3
plone	plone	3.3.4
plone	plone	3.3.5
plone	plone	4.0
plone	plone	4.0.1
plone	plone	4.0.2
plone	plone	4.0.3
plone	plone	4.0.4
plone	plone	4.0.5
plone	plone	4.0.6.1
plone	plone	4.1
plone	plone	4.1.4
plone	plone	4.1.5
plone	plone	4.1.6
plone	plone	4.2
plone	plone	4.2:a1
plone	plone	4.2:a2
plone	plone	4.2:b1
plone	plone	4.2:b2
plone	plone	4.2:rc1
plone	plone	4.2:rc2
plone	plone	4.2.0.1
plone	plone	4.2.1
plone	plone	4.2.1.1
plone	plone	4.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://www.openwall.com/lists/oss-security/2012/11/10/1

https://bugs.launchpad.net/zope2/+bug/1071067

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

https://plone.org/products/plone-hotfix/releases/20121106

https://plone.org/products/plone/security/advisories/20121106/23

http://www.openwall.com/lists/oss-security/2012/11/10/1

https://bugs.launchpad.net/zope2/+bug/1071067

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

https://plone.org/products/plone-hotfix/releases/20121106

https://plone.org/products/plone/security/advisories/20121106/23