Plone Request Parsing Remote Command Execution

Nessus Plugin ID 57350 (Severity: High)

Synopsis

A web application on the remote host allows arbitrary remote code execution.

Description

The version of Plone hosted on the remote web server has a flaw that allows arbitrary access to Python modules. Using a specially crafted URL, an unauthenticated, remote attacker can run arbitrary commands on the system through the Python 'os' module in the context of the 'Zope/Plone' service.

Solution

Follow the instructions in the advisory to apply the hotfix.

See Also

http://plone.org/products/plone/security/advisories/20110928

http://plone.org/products/plone-hotfix/releases/20110928

http://www.nessus.org/u?b32a0de5

https://pypi.org/project/Products.PloneHotfix20110928/1.0/

Plugin Details

Severity: High

ID: 57350

File Name: plone_20110928.nasl

Version: 1.15

Type: remote

Family: CGI abuses

Published: 12/20/2011

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:plone:plone

Required KB Items: www/plone

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 9/28/2011

Vulnerability Publication Date: 9/28/2011

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Plone and Zope XMLTools Remote Command Execution)

Elliot (Plone RCE)

Reference Information

CVE: CVE-2011-3587

BID: 49857