CVE-2016-7135 : Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x throu

Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and 4.2.x through 4.3.11 allows remote administrators to read arbitrary files via a .. (dot dot) in the path parameter in a getFile action to Plone/++theme++barceloneta/@@plone.resourceeditor.filemanager-actions.

Published 2017-03-07 16:59:01

Updated 2018-10-09 20:00:52

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2016-7135

Plone » Plone » Version: 4.2
cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3
cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.1
cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.1
cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.3
cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.4
cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.5
cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.2
cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.6
cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.2.7
cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.2
cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.11
cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.10
cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.9
cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.8
cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.3
cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.6
cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.4
cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.7
cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 4.3.5
cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0 Update RC1
cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0 Update RC3
cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.2
cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.3
cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.4
cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0
cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.1a1
cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0 Update RC2
cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.1
cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0 Update A1
cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.6
cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*
Matching versions
Plone » Plone » Version: 5.0.5
cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-7135

EPSS FAQ

0.70%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7135

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:P/I:N/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
4.9	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-7135

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7135

http://seclists.org/fulldisclosure/2016/Oct/80

Full Disclosure: Multiple Vulnerabilities in Plone CMS
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/archive/1/539572/100/0/threaded

SecurityFocus

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/09/05/4

oss-security - Re: CVE request: Plone multiple vulnerabilities
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://plone.org/security/hotfix/20160830/filesystem-information-leak

Filesystem information leak — Plone.org
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/09/05/5

oss-security - Re: CVE request: Plone multiple vulnerabilities
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/92752

Plone Multiple Security vulnerabilities

CVEs referencing this url
http://packetstormsecurity.com/files/139110/Plone-CMS-4.3.11-5.0.6-XSS-Traversal-Open-Redirection.html

Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-7135

Products affected by CVE-2016-7135

Exploit prediction scoring system (EPSS) score for CVE-2016-7135

CVSS scores for CVE-2016-7135

CWE ids for CVE-2016-7135

References for CVE-2016-7135