PT-2007-1023 · Plone · Plone
Published 2007-11-07 · Updated 2022-05-01 · CVE-2007-5741
CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
Plone versions 2.5 through 2.5.4
Plone versions 3.0 through 3.0.2
Description:
The issue allows a remote attacker to execute arbitrary Python code by sending network data that contains pickled objects which are deserialized by the statusmessages or linkintegrity module. Multiple vulnerabilities in the plone-site package may lead to disruption of the confidentiality, integrity, and availability of protected information, and they can be exploited remotely.
Recommendations:
For Plone versions 2.5 through 2.5.4, consider disabling the statusmessages and linkintegrity modules to minimize the risk of exploitation.
For Plone versions 3.0 through 3.0.2, restrict access to the statusmessages and linkintegrity modules until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
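The root cause described above is unpickling of attacker-controlled bytes, where the stock loader resolves any module-level callable named in the stream. The following allow-list unpickler is an added example of the mitigation pattern for this class of bug; it is not Plone's own code, and the allow-listed types and sample payloads are constructed for illustration.

```python
import datetime
import io
import os
import pickle

# Constructed allow-list of (module, name) pairs a status-message store
# legitimately needs.  Any other global named in the stream is refused in
# find_class(), i.e. before any object is constructed or called.
SAFE_GLOBALS = {
    ("datetime", "datetime"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def restricted_loads(data: bytes):
    """Deserialize untrusted bytes with the allow-list enforced."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load_status(data: bytes):
    """Return the decoded message, or None when the payload is rejected."""
    try:
        return restricted_loads(data)
    except pickle.UnpicklingError:
        return None


def build_samples():
    """Constructed payloads: a legitimate status message, and a pickle that
    merely references a module-level callable (os.getcwd) by name, the same
    GLOBAL mechanism that makes untrusted unpickling dangerous."""
    message = {"message": "Item saved", "type": "info",
               "at": datetime.datetime(2007, 11, 7, 12, 0)}
    return pickle.dumps(message), pickle.dumps(os.getcwd)


def demo():
    """Benign payload round-trips; the global-referencing payload is refused,
    even though the stock pickle.loads would resolve it to the callable."""
    benign, hostile = build_samples()
    return (safe_load_status(benign), safe_load_status(hostile),
            pickle.loads(hostile) is os.getcwd)
```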
RCE
Code Injection
Affected Products: Plone