High severity · NVD Advisory · Published Oct 10, 2011 · Updated Apr 29, 2026
CVE-2011-3587
Description
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zope2 (PyPI) | >= 2.12.0, < 2.12.20 | 2.12.20 |
| zope2 (PyPI) | >= 2.13.0, < 2.13.10 | 2.13.10 |
Affected products
- cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*
- cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.19:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.20:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*
Patches
1 file changed · +4 −4
src/OFS/misc_.py+4 −4 modified@@ -15,7 +15,11 @@ from AccessControl.class_init import InitializeClass from AccessControl.SecurityInfo import ClassSecurityInfo +import App from App.ImageFile import ImageFile +import HelpSys +import OFS +import webdav class misc_: @@ -34,20 +38,17 @@ class p_: here = dirname(__file__) broken = ImageFile('www/broken.gif', here) - import OFS ofs_dir = dirname(OFS.__file__) User_icon = ImageFile('www/User_icon.gif', ofs_dir) locked = ImageFile('www/modified.gif', here) lockedo = ImageFile('www/locked.gif', here) - import webdav davlocked = ImageFile('www/davlock.gif', dirname(webdav.__file__)) pl = ImageFile('www/Plus_icon.gif', ofs_dir) mi = ImageFile('www/Minus_icon.gif', ofs_dir) - import App app_dir = dirname(App.__file__) rtab = ImageFile('www/rtab.gif', app_dir) ltab = ImageFile('www/ltab.gif', app_dir) @@ -73,7 +74,6 @@ class p_: Properties_icon = ImageFile('www/Properties_icon.gif', ofs_dir) Propertysheets_icon = ImageFile('www/Properties_icon.gif', ofs_dir) - import HelpSys helpsys_dir = dirname(HelpSys.__file__) ProductHelp_icon=ImageFile('images/productHelp.gif', helpsys_dir) HelpTopic_icon=ImageFile('images/helpTopic.gif', helpsys_dir)
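Review bot: the module-level `import App`, `import HelpSys`, `import OFS` and `import webdav` added at the top of src/OFS/misc_.py carry no comment saying why they must stay out of the `class p_:` body, so a later tidy-up could move them back. An import statement inside a class body binds the module as a class attribute, which is what the four removed lines did. Suggest a one-line comment above the new imports, plus a regression test asserting that no attribute of `p_` is a module object.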
1 file changed · +6 −6
src/OFS/misc_.py+6 −6 modified@@ -13,9 +13,15 @@ from os.path import dirname +import AccessControl from AccessControl.SecurityInfo import ClassSecurityInfo +import App from App.class_init import InitializeClass from App.ImageFile import ImageFile +import HelpSys +import OFS +import TreeDisplay +import webdav class misc_: @@ -34,29 +40,24 @@ class p_: here = dirname(__file__) broken = ImageFile('www/broken.gif', here) - import AccessControl User_icon = ImageFile('www/User_icon.gif', dirname(AccessControl.__file__)) locked = ImageFile('www/modified.gif', here) lockedo = ImageFile('www/locked.gif', here) - import webdav davlocked = ImageFile('www/davlock.gif', dirname(webdav.__file__)) - import TreeDisplay treedisplay_dir = dirname(TreeDisplay.__file__) pl = ImageFile('www/Plus_icon.gif', treedisplay_dir) mi = ImageFile('www/Minus_icon.gif', treedisplay_dir) - import App app_dir = dirname(App.__file__) rtab = ImageFile('www/rtab.gif', app_dir) ltab = ImageFile('www/ltab.gif', app_dir) sp = ImageFile('www/sp.gif', app_dir) r_arrow_gif = ImageFile('www/r_arrow.gif', here) l_arrow_gif = ImageFile('www/l_arrow.gif', here) - import OFS ofs_dir = dirname(OFS.__file__) ControlPanel_icon = ImageFile('www/ControlPanel_icon.gif', ofs_dir) ApplicationManagement_icon = ImageFile('www/cpSystem.gif', app_dir) @@ -76,7 +77,6 @@ class p_: Properties_icon = ImageFile('www/Properties_icon.gif', ofs_dir) Propertysheets_icon = ImageFile('www/Properties_icon.gif', ofs_dir) - import HelpSys helpsys_dir = dirname(HelpSys.__file__) ProductHelp_icon=ImageFile('images/productHelp.gif', helpsys_dir) HelpTopic_icon=ImageFile('images/helpTopic.gif', helpsys_dir)
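Review bot: in the `class p_:` hunks, `here`, `treedisplay_dir`, `app_dir`, `ofs_dir` and `helpsys_dir` are still assigned in the class body, so these directory path strings remain attributes of `p_` next to the icons. Since the change already moves the six imports to module level, suggest computing these paths there as well (or deleting the names at the end of the class body) so that `p_` holds only `ImageFile` objects.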
References
- plone.org/products/plone-hotfix/releases/20110928 (nvd; Patch; WEB)
- plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip (nvd; Patch; WEB)
- plone.org/products/plone/security/advisories/20110928 (nvd; Patch; Vendor Advisory; WEB)
- pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 (nvd; Patch; WEB)
- zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 (nvd; Patch; WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd; Patch; WEB)
- secunia.com/advisories/46221 (nvd; Vendor Advisory)
- github.com/advisories/GHSA-8w48-m6hx-rjw2 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-3587 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/products-plonehotfix20110928/PYSEC-2011-26.yaml (ghsa; WEB)
- github.com/zopefoundation/Zope/commit/491a583d8c6622b80c75917e5017c4bb4b15e477 (ghsa; WEB)
- github.com/zopefoundation/Zope/commit/6bb2fb3c04a76b00bec9bd7c069733e06fa6ebe9 (ghsa; WEB)
- web.archive.org/web/20111013043934/http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 (ghsa; WEB)
- secunia.com/advisories/46323 (nvd)