Vulnerability Details : CVE-2012-5507

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

Published 2014-09-30 14:55:07

Updated 2014-10-02 18:25:06

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5507

Probability of exploitation activity in the next 30 days: 0.43%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 71 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5507

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	[email protected]
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2012-5507

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: [email protected] (Primary)

References for CVE-2012-5507

Products affected by CVE-2012-5507

Zope » Zope » Version: 2.5.1
cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.4
cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.5
cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.0
cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.8
cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.6
cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.7
cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.8.6
cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.8.4
cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.7.3
cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.8.1
cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.2
cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.3
cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.8.8
cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.6
cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.5
cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.6.4
cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.4
cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.6.1
cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.11.0
cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.9.7
cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.11.1
cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.11.2
cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.10.3
cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.11.3
cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.10.8
cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*
Matching versions
Zope » Zope » Version: 2.13.18
cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*
Matching versions
Plone » Plone
Versions up to, including, (<=) 4.2.2
cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.5
cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.2
cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5
cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.1
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.1
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.2
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.4
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1
cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.2
cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.3
cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.5
cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.5.1
cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.7
cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3
cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.2
cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.1
cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.3
cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.1.4
cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.6
cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1
cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.1
cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.2
cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.3
cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.4
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.5
cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.5
cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2
cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.1
cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.2
cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.2.3
cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.5.3
cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.0.4
cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.4
cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.1.6
cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.1
cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 3.3.3
cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0
cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.4
cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.3
cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.2
cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.5
cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0
cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.3
cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.4
cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0
cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.2
cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.1
cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 1.0.6
cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 2.0.1
cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.1
cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.6.1
cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.5
cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.4
cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.3
cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.0.2
cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1
cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.0.1
cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.6
cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.5
cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update B2
cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update B1
cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.1
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.1.1
cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update A2
cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update A1
cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update RC2
cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2 Update RC1
cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.1.4
cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*
Matching versions