CVE-2015-7293

Опубликовано: 25 сент. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.

Ссылки

http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://plone.org/security/hotfix/20151006
Vendor Advisory
https://pypi.python.org/pypi/plone4.csrffixes
Third Party Advisory
https://www.exploit-db.com/exploits/38411/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133889/Zope-Management-Interface-4.3.7-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://plone.org/security/hotfix/20151006
Vendor Advisory
https://pypi.python.org/pypi/plone4.csrffixes
Third Party Advisory
https://www.exploit-db.com/exploits/38411/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*

cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:zope:zope_management_interface:*:*:*:*:*:*:*:*

Версия до 4.3.7 (включая)

EPSS

Процентиль: 56%

0.00332

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-p3qm-44cf-f8qx