Vulnerability Details: CVE-2011-3587
Public exploit exists!
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Products affected by CVE-2011-3587
- cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.19:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.20:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
Threat overview for CVE-2011-3587
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2011-3587: 172
Threat actors abusing this issue? Yes
Powered by attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2011-3587
96.57%: Probability of exploitation activity in the next 30 days
~100%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2011-3587
- Plone and Zope XMLTools Remote Command Execution
  Disclosure Date: 2011-10-04
  First seen: 2020-04-26
  exploit/multi/http/plone_popen2
  Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. Aut
CVSS scores for CVE-2011-3587
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2011-3587
- http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0
  Products.PloneHotfix20110928 · PyPI (Patch)
- http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=742297
  742297 – (CVE-2011-3587) CVE-2011-3587 zope: Unspecified vulnerability in Zope v2.12.x and Zope v2.13.x allowing arbitrary code execution (Patch)
- http://plone.org/products/plone/security/advisories/20110928
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch; Vendor Advisory)
- http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587
  (Patch)
- http://plone.org/products/plone-hotfix/releases/20110928
  Plone: Enterprise Level CMS - Free and OpenSource - Community Driven - Secure (Patch)