Description

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources."

Remediation

References

CVE-2013-4188

Related Vulnerabilities

Plone CMS Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2012-5507)

PHP Other Vulnerability (CVE-2007-1521)

Oracle Database Server CVE-2007-2110 Vulnerability (CVE-2007-2110)

Oracle JRE CVE-2012-1719 Vulnerability (CVE-2012-1719)

Oracle JRE CVE-2013-5775 Vulnerability (CVE-2013-5775)

Severity

Medium

Classification

CVE-2013-4188

Tags

Missing Update Known Vulnerabilities