Description

The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.

Remediation

References

CVE-2012-5508

Related Vulnerabilities

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)

WordPress Plugin Custom Post Type UI 'wp-admin/admin.php' Cross-Site Scripting (0.7)

WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)

MySQL CVE-2016-3492 Vulnerability (CVE-2016-3492)

PostgreSQL CVE-2022-41862 Vulnerability (CVE-2022-41862)

Severity

Medium

Classification

CVE-2012-5508 CWE-200

Tags

Missing Update Known Vulnerabilities