CVE-2012-5499

Plone <4.2.3, <4.3 - DoS

Title source: llm

Description

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.

References (5)

Core 5

Core References

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2014-1194.html

Various Sources x_refsource_confirm

https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt

View Writeup ZIP pw:eip

Vendor Advisory x_refsource_confirm

https://plone.org/products/plone/security/advisories/20121106/15

Patch x_refsource_confirm

https://plone.org/products/plone-hotfix/releases/20121106

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/11/10/1

Scores

EPSS 0.0089

EPSS Percentile 75.6%

Details

CWE

CWE-399

Status published

Products (50)

plone/plone 1.0

plone/plone 1.0.1

plone/plone 1.0.2

plone/plone 1.0.3

plone/plone 1.0.4

plone/plone 1.0.5

plone/plone 1.0.6

plone/plone 2.0

plone/plone 2.0.1

plone/plone 2.0.2

... and 40 more

Published Sep 30, 2014

Tracked Since Feb 18, 2026