Vulnerabilities > CVE-2000-0725 - Unspecified vulnerability in Zope
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Redhat
advisories |
|
References
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
- http://www.debian.org/security/2000/20000821
- http://www.redhat.com/support/errata/RHSA-2000-052.html
- http://www.securityfocus.com/bid/1577
- http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert