CVE-2011-3587

EXPLOITED

Zope <2.13.x - RCE

Title source: llm

Description

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Nick Miles · text · webapps · multiple
https://www.exploit-db.com/exploits/18262

metasploit · WORKING POC · EXCELLENT
by Unknown, Nick Miles · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/plone_popen2.rb

Scores

EPSS 0.9059
EPSS Percentile 99.6%

Exploitation Intel

VulnCheck KEV 2020-10-14

Classification

Status draft

Affected Products (50)

plone/plone (14 entries)
zope/zope
... and 35 more

Timeline

Published Oct 10, 2011
Tracked Since Feb 18, 2026