Plone Security Bypass
High Nessus Plugin ID 53546
Synopsis
The remote web server has an application that is affected by a security bypass vulnerability.

Description
The version of Plone on the remote host fails to require authentication to access several sensitive functions.
Plone is built on top of Zope, which maps Python objects and their methods to URLs. Methods can have security restrictions applied to them, such as requiring a login account or a specific privilege level, to limit access. The installed version of Plone permits access to several methods that allow adding, deleting, and changing content and users.

Solution
Apply Plone Hotfix CVE-2011-0720.