CVE-2001-0128
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 3 |
OS | | 4 |
OS | | 2 |
OS | | 1 |
OS | | 3 |
OS | | 1 |
Nessus
NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2000-086.NASL |
description | A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they did not have editing privileges on the objects themselves. This update replaces the previous Zope update noted in MDKSA-2000:083. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61872 |
published | 2012-09-06 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61872 |
title | Mandrake Linux Security Advisory : Zope (MDKSA-2000:086) |
References
- http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
- http://www.debian.org/security/2000/20001219
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
- http://www.redhat.com/support/errata/RHSA-2000-127.html
- http://www.osvdb.org/6284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5777