oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: Privilege escalation in webdav - Plone

From: cve-assign () mitre org
Date: Tue, 19 Apr 2016 22:48:31 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


https://plone.org/security/20160419/privilege-escalation-in-webdav

An missing webdav security declaration would allow unauthorized webdav
access.

Dexterity content is missing security declarations for webdav
requests. This only affects dexterity objects.


Use CVE-2016-4041.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXFu1jAAoJEHb/MwWLVhi2XhYP/iEuDLHpK0yAlUanQ84JR7Vo
5zjA4X6t1QjROK85TZ0rrL/BsFPjIFFFlF3ZxrmmB9cdH4ivcmCHJdFyiH9jQtAZ
rnbvoiHv9f1/6Uk+FV2JdPUBM52f8Kn7AwFoAvq7qG+PMmStrSdzWWgoTi0YUC6E
KjbguUminpBefepZAYJ+Y5QWeE6gD++7SUsqIG5GUzcBnRjp0GYAGiRmHmJLq2tm
4aXMMnTgjRiKvyhbT/uwy9DknVDTUS2UOqwLlqF5XnN/VdBLWU9um1yj9mwtMUPe
b2Gcz/dKiw2DSTB5DyPHiXla53fbnP5e3vDj50SXRzm9aVy31EmXD7WYmqmU7dnu
Lg4xULG/eFklNqu71xCJeNrXBHlyS3LkYmeSMbvAUfMBuQkwzNzjD3ZsQUnrN5uF
Qn6GuZdR8CB0zxL0pEMlPhR966/FioAA3mULL/4nb9y6S06WJK3rLGyNibIYSpLz
LpYOqAC0/Ypy6+hZw8V7f74MX1NFdK2CdwQImbznpQsBPSdVLS4Q+Y8zzXO+Jost
8Lu103QwF2qnCgtg3zF5QZoe+Pc9E2UK68qwT6b7X69AFqKIFEHIMjU6r+pmm8D5
301MleHJvUC0ENJP8m/qLrbcLv0GLri9CNIjDWLEMX8/YhJuzTSvuIQaDd49A4VH
W5gNwEwkSEmqpjCZ/Rjw
=vUyo
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: