CVE-2000-0062 - Unspecified vulnerability in Zope 1.10.3/2.1.1

047910
CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
zope
nessus

Summary

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Vulnerable Configurations

Part: Application
Description: Zope
Count: 2

Nessus

NASL family: Web Servers
NASL id: ZOPE_IMG_UPDATING.NASL
description: According to its banner, the remote web server is Zope < 2.2.5. Such versions suffer from a security issue involving incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they do not have editing privileges on the objects themselves. *** Since Nessus solely relied on the version number of the server, *** consider this a false positive if the hotfix has already been applied.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 10569
published: 2000-12-19
reporter: This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/10569
title: Zope Image and File Update Data Protection Bypass