Vulnerabilities > CVE-2001-0569 - Local Security vulnerability in Zope
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2001-025.NASL description A new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make inappropriate changes to ZClass instances. As well, perceived security problems with the ObjectManager, PropertyManager and PropertySheet classes have been fixed as well. It is highly recommended that all Linux-Mandrake users using Zope upgrade to these new packages immediately. last seen 2020-06-01 modified 2020-06-02 plugin id 61899 published 2012-09-06 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61899 title Mandrake Linux Security Advisory : Zope (MDKSA-2001:025) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-043.NASL description This advisory covers several vulnerabilities in Zope that have been addressed.Hotfix 08_09_2000 last seen 2020-06-01 modified 2020-06-02 plugin id 14880 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14880 title Debian DSA-043-1 : zope
Redhat
advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382
- http://www.debian.org/security/2001/dsa-043
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3
- http://www.redhat.com/support/errata/RHSA-2001-021.html
- http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23