Vulnerabilities > CVE-2001-0568 - Local Security vulnerability in Zope
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Nessus
NASL family Web Servers NASL id ZOPE_DOS.NASL description The remote web server is Zope < 2.2.5. Such versions allow any Zope user to create a denial of service by modifying Zope data structures, thus rendering the site unusable. *** Since Nessus solely relied on the version number of the server, *** consider this a false positive if the hotfix has already been applied. last seen 2020-06-01 modified 2020-06-02 plugin id 10702 published 2001-08-04 reporter This script is Copyright (C) 2001-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10702 title Zope ZClass Modification Local DoS code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(10702); script_version ("1.26"); script_cve_id("CVE-2001-0568"); script_bugtraq_id(2458); script_name(english:"Zope ZClass Modification Local DoS"); script_set_attribute(attribute:"synopsis", value: "The remote web server contains an application server that is prone to a denial of service issue." ); script_set_attribute(attribute:"description", value: "The remote web server is Zope < 2.2.5. Such versions allow any Zope user to create a denial of service by modifying Zope data structures, thus rendering the site unusable. *** Since Nessus solely relied on the version number of the server, *** consider this a false positive if the hotfix has already been applied." ); script_set_attribute(attribute:"solution", value: "Upgrade to Zope 2.2.5 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2001/08/04"); script_set_attribute(attribute:"vuln_publication_date", value: "2001/02/15"); script_cvs_date("Date: 2018/08/07 16:46:51"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for Zope"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2001-2018 Tenable Network Security, Inc."); script_family(english:"Web Servers"); script_dependencie("find_service1.nasl", "http_version.nasl"); script_require_ports("Services/www", 80); script_require_keys("www/zope"); exit(0); } # # The script code starts here # include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:80); banner = get_http_banner(port:port); if(banner) { if(egrep(pattern:"Server: .*Zope 2\.((0\..*)|(1\..*)|(2\.[0-4]))", string:banner)) security_warning(port); }NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-049.NASL description Another problem was discovered in Zope that fixes a problem with ZClasses. Any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance. The Zope Hotfix 2001-05-01 corrects this problem. last seen 2020-06-01 modified 2020-06-02 plugin id 61913 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61913 title Mandrake Linux Security Advisory : Zope (MDKSA-2001:049) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-043.NASL description This advisory covers several vulnerabilities in Zope that have been addressed.Hotfix 08_09_2000 last seen 2020-06-01 modified 2020-06-02 plugin id 14880 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14880 title Debian DSA-043-1 : zope
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382
- http://www.debian.org/security/2001/dsa-043
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
- http://www.redhat.com/support/errata/RHSA-2001-021.html
- http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23