The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://dev.plone.org/plone/ticket/5432 http://www.debian.org/security/2006/dsa-1032 http://secunia.com/advisories/19633/ http://www.vuxml.org/freebsd/22c6b826-cee0-11da-8578-00123ffe8333.html

The following package is affected: plone CVE-2006-1711 Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.