CVE-2012-5498: Plone denial of service via Caching Bypass
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.77803%
CWE
Published
5/17/2022
Updated
10/14/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| plone | pip | < 4.2.3 | 4.2.3 |
| Plone | pip | >= 4.3a0, < 4.3b1 | 4.3b1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
Multiple authoritative sources (the CVE description, Plone security advisory GHSA-97rj-p794-wq6m, Red Hat errata RHSA-2014:1194, and Openwall discussions) explicitly identify queryCatalog.py as the vulnerable component. The CWE-400 classification confirms that this is a resource consumption issue stemming from improper caching. While the exact function name is not explicitly stated in all sources, the file name convention and Plone architecture patterns make 'queryCatalog' the logical entry point for collection query handling. The patch in Plone 4.2.3/4.3b1 would have modified this function's caching logic.