CVE-2012-5497

Опубликовано: 06 нояб. 2012

Источник: redhat

CVSS2: 5

EPSS Низкий

Описание

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.

It was discovered that Plone, included as a part of luci, did not properly enforce permissions checks on the membership database. A remote attacker could use a specially crafted URL that, when processed, could allow the attacker to enumerate user account names.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	conga	Affected
Red Hat Enterprise Linux 5	conga	Fixed	RHSA-2014:1194	16.09.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-284->CWE-200

https://bugzilla.redhat.com/show_bug.cgi?id=874681(Plone): Anonymous users can list user account names

EPSS

Процентиль: 62%

0.00435

Низкий

5 Medium

CVSS2

Связанные уязвимости

CVE-2012-5497

nvd

почти 11 лет назад

membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.

GHSA-683w-84m7-p8pw

CVSS3: 5.3

github

больше 3 лет назад

Plone User account enumeration via crafted URL

ELSA-2014-1194

oracle-oval