CVE-2001-0568 - Unspecified vulnerability in Zope

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
zope
nessus

Summary

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

Vulnerable Configurations

Part         Description  Count
Application  Zope         1

Nessus

  • NASL family: Web Servers
    NASL id: ZOPE_DOS.NASL
    description: The remote web server is Zope < 2.2.5. Such versions allow any Zope user to create a denial of service by modifying Zope data structures, thus rendering the site unusable. *** Since Nessus solely relied on the version number of the server, *** consider this a false positive if the hotfix has already been applied.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 10702
    published: 2001-08-04
    reporter: This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/10702
    title: Zope ZClass Modification Local DoS
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(10702);
     script_version ("1.26");
    
     script_cve_id("CVE-2001-0568");
     script_bugtraq_id(2458);
     
     script_name(english:"Zope ZClass Modification Local DoS");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains an application server that is prone to
    a denial of service issue." );
     script_set_attribute(attribute:"description", value:
    "The remote web server is Zope < 2.2.5.  Such versions allow any Zope
    user to create a denial of service by modifying Zope data structures,
    thus rendering the site unusable. 
    
    *** Since Nessus solely relied on the version number of the server, 
    *** consider this a false positive if the hotfix has already been applied." );
     script_set_attribute(attribute:"solution", value:
    "Upgrade to Zope 2.2.5 or later." );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2001/08/04");
     script_set_attribute(attribute:"vuln_publication_date", value: "2001/02/15");
     script_cvs_date("Date: 2018/08/07 16:46:51");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_end_attributes();
    
     
     script_summary(english:"Checks for Zope");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc.");
     script_family(english:"Web Servers");
     script_dependencie("find_service1.nasl", "http_version.nasl");
     script_require_ports("Services/www", 80);
     script_require_keys("www/zope");
     exit(0);
    }
    
    #
    # The script code starts here
    #
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
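    # Pick the HTTP port to test (default 80).
    port = get_http_port(default:80);
    
    # The check relies solely on the Server banner.
    banner = get_http_banner(port:port);
    
    if(banner)
    {
      # Flag Zope 2.0.x, 2.1.x and 2.2.0 through 2.2.4. This is a version
      # match only, so an already-applied hotfix is not detected (see the
      # plugin description).
      if(egrep(pattern:"Server: .*Zope 2\.((0\..*)|(1\..*)|(2\.[0-4]))",
               string:banner))
         security_warning(port);
    }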
    
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2001-049.NASL
    description: Another problem was discovered in Zope that fixes a problem with ZClasses. Any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance. The Zope Hotfix 2001-05-01 corrects this problem.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 61913
    published: 2012-09-06
    reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/61913
    title: Mandrake Linux Security Advisory : Zope (MDKSA-2001:049)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-043.NASL
    description: This advisory covers several vulnerabilities in Zope that have been addressed. Hotfix 08_09_2000
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14880
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14880
    title: Debian DSA-043-1 : zope

Redhat

advisories
rhsa
id: RHSA-2001:021