Plone » Plone » 3.3.4 * * * : Security Vulnerabilities (Denial Of Service)
Cpe Name:
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2013-4199 |
20 |
|
DoS |
2014-03-11 |
2014-03-12 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). |
2 |
CVE-2013-4188 |
399 |
|
DoS |
2014-03-11 |
2014-03-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources." |
3 |
CVE-2012-5506 |
399 |
|
DoS |
2014-09-30 |
2014-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. |
4 |
CVE-2012-5499 |
399 |
|
DoS |
2014-09-30 |
2014-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. |
5 |
CVE-2012-5498 |
264 |
|
DoS Bypass |
2014-09-30 |
2015-11-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. |
6 |
CVE-2012-5496 |
399 |
|
DoS |
2014-09-30 |
2014-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. |
7 |
CVE-2011-4462 |
20 |
|
DoS |
2011-12-30 |
2017-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. |
Total number of vulnerabilities :
7
Page :
1
(This Page)