Description

queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.

Remediation

References

CVE-2012-5498

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-1622)

WordPress Plugin Kish Guest Posting 'uploadify.php' Arbitrary File Upload (1.2)

LimeSurvey Other Vulnerability (CVE-2014-5018)

WordPress Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4338)

WordPress 4.3.x Same Origin Method Execution (SOME) Vulnerability (4.3 - 4.3.3)

Severity

Medium

Classification

CVE-2012-5498 CWE-264

Tags

Missing Update Known Vulnerabilities