Description

atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.

Remediation

References

CVE-2012-5505

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-3268)

WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)

Zope Web Application Server CVE-2011-3587 Vulnerability (CVE-2011-3587)

phpMyFAQ Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Vulnerability (CVE-2023-5866)

Joomla Incorrect Authorization Vulnerability (CVE-2010-1435)

Severity

Medium

Classification

CVE-2012-5505 CWE-200

Tags

Missing Update Known Vulnerabilities