High severity7.3NVD Advisory· Published Feb 24, 2017· Updated May 13, 2026
CVE-2016-4041
CVE-2016-4041
Description
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
PlonePyPI | >= 3.3, < 4.3.10 | 4.3.10 |
PlonePyPI | >= 5.0, < 5.0.5 | 5.0.5 |
PlonePyPI | >= 5.1a1, < 5.1a2 | 5.1a2 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.openwall.com/lists/oss-security/2016/04/20/1nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-qqgj-22gr-73vxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-4041ghsaADVISORY
- plone.org/security/hotfix/20160419/privilege-escalation-in-webdavnvdVendor AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2017-55.yamlghsaWEB
News mentions
0No linked articles in our index yet.