Trend Micro's Juan Castro reports today that a vulnerability in Plone, discovered in November 2007 by AusCERT, has cropped up on a number of sites. The exploit uses a technique called "Doorway Pages" and redirects visitors to pages that then download malware to the visitor's computer. Castro's analysis is that someone is using the vulnerability discovered by AusCERT as a redirector to hijack traffic and possibly infect computers.

The vulnerability was addressed in Plone's version 3.0.3 and legacy version 2.5.5. If you're using Plone for any of your CMS-based websites, make sure your installation is patched to the current version, which is 3.0.6, or to the latest legacy version, which is 2.5.5.