{"id":"CVE-2016-4041","details":"Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.","aliases":["GHSA-qqgj-22gr-73vx","PYSEC-2017-55"],"modified":"2026-04-10T03:51:11.824955Z","published":"2017-02-24T20:59:00.283Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/04/20/1"},{"type":"ADVISORY","url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plone/plone","events":[{"introduced":"0"},{"last_affected":"548ce8d5e49774fd3531fc5ed58880c7a741a761"},{"introduced":"0"},{"last_affected":"40fd2b18bd0d733be3d4006ba5e998b11e510d8c"},{"introduced":"0"},{"last_affected":"3fd1fb166220743e8409af3aa92be8300c5ec940"},{"introduced":"0"},{"last_affected":"87d616d0808098b357922960dbec185c219acb13"},{"introduced":"0"},{"last_affected":"204d1e525537a254b16e4151c7229c5bead6df28"},{"introduced":"0"},{"last_affected":"406bbc24630619ad20c86b61f7198da49520a825"},{"introduced":"0"},{"last_affected":"1e60ca9217f5038fc7a9ea3b81afcaa1c08f359b"},{"introduced":"0"},{"last_affected":"3bc6cb6b05666aabe770268e34e56bc32ea4a591"},{"introduced":"0"},{"last_affected":"d89e290ebd951a584b7a55bcb4439b0898620288"},{"introduced":"0"},{"last_affected":"9378e691c0d32d5a6b16550d7a4bbad5792714be"},{"introduced":"0"},{"last_affected":"679129d1d6825506f9e13563b8abf4be3723ed33"},{"introduced":"0"},{"last_affected":"c6ca3fa925108f7bc2a638c5f7335b6767a743a1"},{"introduced":"0"},{"last_affected":"1503c5fa2df3dee711da4ccc6e2cc8a0a65ad6cf"},{"introduced":"0"},{"last_affected":"ad49b9b055b2a9a0ee40f82f23d85b786335756c"},{"introduced":"0"},{"last_affected":"9ef97fe1f46b8383ac3c48a9110e4cfccd7f807f"},{"introduced":"0"},{"last_affected":"0efd4ab3fdabd8eb64f22328563daae2e1819e4f"},{"introduced":"0"},{"last_affected":"e759411203bd0746cd7a1ed396c16b4843342e8c"},{"introduced":"0"},{"last_affected":"2183c78b82e1d84deb661043b27356995251de41"},{"introduced":"0"},{"last_affected":"7d94a438dde3784322813a399d46c54cd5b864e5"},{"introduced":"0"},{"last_affected":"f3dd0b7fac24438482e4368280a534f868b75f97"},{"introduced":"0"},{"last_affected":"d8f0c3f23d11b3ecf37740b454c8698521eb9ef9"},{"introduced":"0"},{"last_affected":"4708ff915d63bf21a9434d328fcd0b656bc66d94"},{"introduced":"0"},{"last_affected":"bfad4ef994a9b471fbfb314256df6840f286a032"},{"introduced":"0"},{"last_affected":"2a627f292e8b06c376b5c7093189b78f778c96b6"},{"introduced":"0"},{"last_affected":"ccc8eff38984b0a25a5827aabfdb8ab5e798ce30"},{"introduced":"0"},{"last_affected":"3e0c78057de5798ed989d0b2ed9dd12ec39978e1"},{"introduced":"0"},{"last_affected":"8a6687397896c935b7f2c59b58500fdf234854bb"},{"introduced":"0"},{"last_affected":"b0a5c6ce2148edc9c2055961f64af788d1054fc4"},{"introduced":"0"},{"last_affected":"00a67de4ddd27cdec07ed6f4c834131b492e3f91"},{"introduced":"0"},{"last_affected":"16257e3b0027d6f811aceff565aca0879d85be7d"},{"introduced":"0"},{"last_affected":"cdf44d1d0bea8b8d48f896ad7821d37715142ccf"},{"introduced":"0"},{"last_affected":"ab50347a0aeb2c3d68b6f7faae6a82d0a0e91516"},{"introduced":"0"},{"last_affected":"c7ca35de26093e40ae01ad0778b960cfde71fb3d"},{"introduced":"0"},{"last_affected":"83b346aef1cd7a5ea851fe5c02af4b94648767c6"},{"introduced":"0"},{"last_affected":"829aa2dd9d8f088ebf8f3da49b9e32ba90326135"},{"introduced":"0"},{"last_affected":"c4244a4887e0901a1c17b3ee60e1cfbe19ee46c5"},{"introduced":"0"},{"last_affected":"006f2dc3068b6d935e30bbea8e4ba41f6acacf33"},{"introduced":"0"},{"last_affected":"5f05c642ef0796b15e447793755b1bbd8ce40905"},{"introduced":"0"},{"last_affected":"c3d7603485d808537e024883ce401ad504924a5a"},{"introduced":"0"},{"last_affected":"eb76237a4e6587a8249acfe0649c153d9d1df910"},{"introduced":"0"},{"last_affected":"006f2dc3068b6d935e30bbea8e4ba41f6acacf33"},{"introduced":"0"},{"last_affected":"5d3edca6781cf97ae971db366f847e01887995e2"},{"introduced":"0"},{"last_affected":"6371a276e3775cb11070862a0045b34aa1973b12"},{"introduced":"0"},{"last_affected":"d4d2a336b6ec125c60610a22a003502858ac51a5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0"},{"introduced":"0"},{"last_affected":"4.0.1"},{"introduced":"0"},{"last_affected":"4.0.2"},{"introduced":"0"},{"last_affected":"4.0.3"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"4.0.5"},{"introduced":"0"},{"last_affected":"4.0.7"},{"introduced":"0"},{"last_affected":"4.0.8"},{"introduced":"0"},{"last_affected":"4.0.9"},{"introduced":"0"},{"last_affected":"4.0.10"},{"introduced":"0"},{"last_affected":"4.1"},{"introduced":"0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.1.3"},{"introduced":"0"},{"last_affected":"4.1.4"},{"introduced":"0"},{"last_affected":"4.1.5"},{"introduced":"0"},{"last_affected":"4.1.6"},{"introduced":"0"},{"last_affected":"4.2"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"0"},{"last_affected":"4.2.2"},{"introduced":"0"},{"last_affected":"4.2.3"},{"introduced":"0"},{"last_affected":"4.2.4"},{"introduced":"0"},{"last_affected":"4.2.5"},{"introduced":"0"},{"last_affected":"4.2.6"},{"introduced":"0"},{"last_affected":"4.2.7"},{"introduced":"0"},{"last_affected":"4.3"},{"introduced":"0"},{"last_affected":"4.3.1"},{"introduced":"0"},{"last_affected":"4.3.2"},{"introduced":"0"},{"last_affected":"4.3.3"},{"introduced":"0"},{"last_affected":"4.3.4"},{"introduced":"0"},{"last_affected":"4.3.5"},{"introduced":"0"},{"last_affected":"4.3.6"},{"introduced":"0"},{"last_affected":"4.3.7"},{"introduced":"0"},{"last_affected":"4.3.8"},{"introduced":"0"},{"last_affected":"4.3.9"},{"introduced":"0"},{"last_affected":"5.0"},{"introduced":"0"},{"last_affected":"5.0-a1"},{"introduced":"0"},{"last_affected":"5.0-rc1"},{"introduced":"0"},{"last_affected":"5.0-rc2"},{"introduced":"0"},{"last_affected":"5.0-rc3"},{"introduced":"0"},{"last_affected":"5.0.1"},{"introduced":"0"},{"last_affected":"5.0.2"},{"introduced":"0"},{"last_affected":"5.0.3"},{"introduced":"0"},{"last_affected":"5.0.4"}]}}],"versions":["4.0","4.0.1","4.0.10","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.0a1","4.0a2","4.0a3","4.0a4","4.0a5","4.0b1","4.0b2","4.0b3","4.0b4","4.0b5","4.0rc1","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.5","4.1.6","4.1a1","4.1a2","4.1a3","4.1b1","4.1b2","4.1rc1","4.1rc2","4.1rc3","4.2","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2a1","4.2a2","4.2b1","4.2b2","4.2rc1","4.2rc2","4.3","4.3.1","4.3.2","4.3.3","4.3.4","4.3.5","4.3.6","4.3.7","4.3.8","4.3.9","4.3a1","4.3a2","4.3b1","4.3b2","5.0","5.0a2","5.0a3","5.0b1","5.0b2","5.0b3","5.0b4","5.0rc1","5.0rc2","5.0rc3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4041.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}