Описание
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
It was discovered that Plone, included as a part of luci, did not properly handle the processing of requests for certain collections. A remote attacker could use a specially crafted URL that, when processed, would lead to excessive I/O and/or cache resource consumption.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | conga | Affected | ||
| Red Hat Enterprise Linux 5 | conga | Fixed | RHSA-2014:1194 | 16.09.2014 |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=874665(Plone): Partial denial of service through Collections functionality
EPSS
Процентиль: 78%
0.01169
Низкий
5 Medium
CVSS2
Связанные уязвимости
nvd
почти 11 лет назад
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
oracle-oval
почти 11 лет назад
ELSA-2014-1194: conga security and bug fix update (MODERATE)
EPSS
Процентиль: 78%
0.01169
Низкий
5 Medium
CVSS2