CVE-2011-3587

EXPLOITED

Zope <2.13.x - RCE

Title source: llm

Description

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Nick Miles · text · webapps · multiple
https://www.exploit-db.com/exploits/18262
metasploit WORKING POC EXCELLENT
by Unknown, Nick Miles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/plone_popen2.rb

Scores

EPSS 0.9046
EPSS Percentile 99.6%

Details

VulnCheck KEV 2020-10-14
Status published
Products (37)
plone/plone 4.0
plone/plone 4.0.1
plone/plone 4.0.2
plone/plone 4.0.3
plone/plone 4.0.4
plone/plone 4.0.5
plone/plone 4.0.6.1
plone/plone 4.0.7
plone/plone 4.0.8
plone/plone 4.0.9
... and 27 more
Published Oct 10, 2011
Tracked Since Feb 18, 2026