Vulnerabilities > CVE-2000-1212 - Unspecified vulnerability in Zope
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Nessus
NASL family Web Servers NASL id ZOPE_IMG_UPDATING.NASL description According to its banner, the remote web server is Zope < 2.2.5. Such versions suffer from a security issue involving incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they do not have editing privileges on the objects themselves. *** Since Nessus solely relied on the version number of the server, *** consider this a false positive if the hotfix has already been applied. last seen 2020-06-01 modified 2020-06-02 plugin id 10569 published 2000-12-19 reporter This script is Copyright (C) 2000-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10569 title Zope Image and File Update Data Protection Bypass NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2000-086.NASL description A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they did not have editing privileges on the objects themselves. This update replaces the previous Zope update noted in MDKSA-2000:083. last seen 2020-06-01 modified 2020-06-02 plugin id 61872 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61872 title Mandrake Linux Security Advisory : Zope (MDKSA-2000:086)
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
- http://www.debian.org/security/2001/dsa-007
- http://www.osvdb.org/6283
- http://www.redhat.com/support/errata/RHSA-2000-135.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5778