CVE-2013-4200
Published 2014-01-21
Priority: P4 · 31 · Severity: medium · CVSS 2.0 base score: 5.8
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Exploit / EPSS: 2.36% (81.7th percentile)
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
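The description above names a recurring flaw class: a "is this URL inside the portal?" check that classifies the raw string before normalizing it, so a leading space hides the scheme and the target is treated as a relative path even though browsers strip the space and follow it. The Python below is an added example and is not Plone's code; the weak function is a reconstruction of that behaviour, and the hardened one canonicalizes the way browsers do (leading C0 controls and spaces, embedded tab/newline, backslash as slash) and then compares parsed scheme and host against the portal and an allow-list in the spirit of allow_external_login_sites. PORTAL_URL, ALLOW_EXTERNAL_LOGIN_SITES and all function names are constructed for the example, and the hardened check deliberately covers more inputs than the single leading-space case the page describes.

```python
import re
from urllib.parse import urlsplit

# Constructed portal location and external-login allow-list; example values,
# not Plone's configuration.
PORTAL_URL = "https://portal.example"
ALLOW_EXTERNAL_LOGIN_SITES = ("https://sso.example",)

# An absolute URL begins with "scheme:"; a leading space breaks this match.
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")


def weak_is_url_in_portal(url, portal_url=PORTAL_URL):
    """Illustrative weak check (reconstruction of the flaw class, not Plone's
    code). It classifies the raw string: anything that is neither a portal
    prefix nor "scheme:" nor "//" is assumed to be a relative path, so
    " https://evil.example" (note the space) is accepted as if it were
    relative, while the browser follows it to the external site."""
    portal_url = portal_url.rstrip("/")
    if url == portal_url or url.startswith(portal_url + "/"):
        return True
    return not (_SCHEME_RE.match(url) or url.startswith("//"))


# Every code point from NUL through space: what browsers strip at both ends.
_C0_AND_SPACE = "".join(chr(c) for c in range(0x21))


def canonicalize(url):
    """Normalize the way browsers do before parsing (WHATWG URL rules):
    drop leading/trailing C0 controls and spaces, remove embedded
    tab/newline, and treat backslash as slash for http(s) parsing."""
    url = url.strip(_C0_AND_SPACE)
    url = re.sub(r"[\t\r\n]", "", url)
    return url.replace("\\", "/")


def _origin(url):
    """(scheme, host) as a parser sees them; userinfo such as
    'portal.example@' is not part of the host and cannot spoof it."""
    parts = urlsplit(url)
    return parts.scheme.lower(), (parts.hostname or "").lower()


def hardened_is_url_in_portal(url, portal_url=PORTAL_URL,
                              allowed_sites=ALLOW_EXTERNAL_LOGIN_SITES):
    """Decide only after canonicalization, and compare parsed origins rather
    than string prefixes. True for a plain relative path, for the portal's
    own origin, and for origins on the explicit allow-list."""
    url = canonicalize(url)
    scheme, host = _origin(url)
    if not scheme and not host:
        # A genuine relative path such as "/login": both fields are empty.
        # "//evil.example" and "\\evil.example" reach here with a host set
        # and fall through to the scheme check below, which rejects them.
        return True
    if scheme not in ("http", "https"):
        return False  # javascript:, data:, etc. are never redirect targets
    permitted = {_origin(canonicalize(u)) for u in (portal_url, *allowed_sites)}
    return (scheme, host) in permitted


if __name__ == "__main__":
    samples = ["/login", "https://portal.example/login", "https://evil.example",
               " https://evil.example", "\\\\evil.example",
               "https://portal.example@evil.example/", "javascript:alert(1)"]
    for s in samples:
        print(f"{s!r:42} weak={weak_is_url_in_portal(s)!s:5} "
              f"hardened={hardened_is_url_in_portal(s)}")
```

The weak and hardened functions disagree on exactly one of the sample inputs, the space-prefixed external URL, which is the case the advisory describes; the remaining rejections (backslash form, userinfo spoofing, non-http schemes) show why the fix belongs in normalization plus origin comparison rather than in a longer list of forbidden prefixes.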
Affected (49 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| plone | plone | — | — |
GHSA · 2022-05-14
Plone Open Redirection vulnerability via next parameter [HIGH] (CWE-601); same description as the CVE text above.
OSV · 2022-05-14
Plone Open Redirection vulnerability via next parameter [HIGH]; same description as the CVE text above.
OSV · 2014-01-21
CVE-2013-4200: The isURLInPortal method in the URLTool class in in_portal; same description as the CVE text above.
No detection rules found.
Bugzilla · 2013-08-01 · CVSS 4.3 [MEDIUM]
CVE-2013-4200 CVE-2013-4197 CVE-2013-4196 CVE-2013-4195 CVE-2013-4194 CVE-2013-4193 CVE-2013-4192 CVE-2013-4191 CVE-2013-4190 CVE-2013-4188 CVE-2013-4189 CVE-2013-4199 CVE-2013-4198 plone: various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora EPEL.

For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field.

For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bug.
Bugzilla · 2013-06-26 · CVSS 5.8 [MEDIUM]
CVE-2013-4200 plone: Forwarding of cookie data (session hijack) in certain browsers (in_portal.py)
A security flaw was found in the way Plone, a user-friendly and powerful content management system, previously protected users' cookie data in certain situations. A remote attacker could provide a specially crafted URL that, when visited by a valid Plone user, could lead to the Plone user's cookie being forwarded if the victim was using certain browsers (possibility of session hijack).
Discussion:
References:
http://plone.org/products/plone/security/advisories/20130611-announcement
---
The CVE identifier of CVE-2013-4200 has been assigned to this issue:
http://www.openwall.com/lists/oss-security/2013/08/01/2
---
Created plone tracking bugs for this issue:
Affects: epel-5 [bug 991015]
---
References
http://plone.org/products/plone-hotfix/releases/20130618
http://plone.org/products/plone/security/advisories/20130618-announcement
http://www.openwall.com/lists/oss-security/2013/08/01/2
http://www.securityfocus.com/archive/1/530787/100/0/threaded
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4200