CVE-2012-5507
Plone and Zope2 affected by Race Condition
Severity: 7.5 HIGH (CVSS 3.1)
EPSS: 0.28%
Description
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
How to fix CVE-2012-5507
To remediate CVE-2012-5507, upgrade the affected package to one of the fixed versions listed below.
- PyPI/plone—upgrade to 4.2.3 or later
- —upgrade to 4.2.3 or later
- —upgrade to 2.13.19 or later
- —upgrade to 2.13.19 or later
Is CVE-2012-5507 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- >= 3.2.2, < 4.2.3
- from 0, < 4.2.3, >= 4.3a0, < 4.3b1
- from 0, < 2.13.19
- from 0, < 2.13.19
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |