CVE-2012-5501

Опубликовано: 06 нояб. 2012

Источник: redhat

CVSS2: 6.4

Описание

at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.

Отчет

Not vulnerable. This issue did not affect the versions of luci (as provided by conga) as shipped with Red Hat Enterprise Linux 5.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	conga	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=874162(Plone): Crafted URLs allow downloading of BLOBs not visible to the user

6.4 Medium

CVSS2

Связанные уязвимости

CVE-2012-5501

nvd

больше 11 лет назад

at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.

GHSA-pvhv-qwc8-r2pg

CVSS3: 7.5

github

больше 3 лет назад

Plone Arbitrary File Read

6.4 Medium

CVSS2