Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access.

Remediation

References

CVE-2012-5506

Related Vulnerabilities

WordPress Plugin WP Statistics SQL Injection (13.0.7)

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)

WordPress Plugin wp-mpdf Cross-Site Request Forgery (3.5.1)

Apache HTTP Server CVE-2012-0031 Vulnerability (CVE-2012-0031)

WordPress Plugin Contact Form DB Cross-Site Scripting (2.8.27)

Severity

Medium

Classification

CVE-2012-5506

Tags

Missing Update Known Vulnerabilities