Back to search
CVE-2012-6661
Published: Nov 3, 2014
Modified: Sep 16, 2024
PUBLISHED
Description
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt
x_refsource_CONFIRM
https://bugs.launchpad.net/zope2/+bug/1071067
x_refsource_CONFIRM
https://plone.org/products/plone/security/advisories/20121106/24
x_refsource_CONFIRM
https://plone.org/products/plone-hotfix/releases/20121124
x_refsource_CONFIRM
[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now