Vulnerabilities > CVE-2001-0569 - Local Security vulnerability in Zope

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
zope
nessus

Summary

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.

Vulnerable Configurations

Part Description Count
Application
Zope
1

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2001-025.NASL
    descriptionA new Hotfix for Zope has been released that fixes a very important security issue that affects all versions of Zope prior to and including 2.3.1b1. Users can use through-the-web scripting capabilities on a Zope site to view and assign class attributes to ZClasses, possibly allowing them to make inappropriate changes to ZClass instances. As well, perceived security problems with the ObjectManager, PropertyManager and PropertySheet classes have been fixed as well. It is highly recommended that all Linux-Mandrake users using Zope upgrade to these new packages immediately.
    last seen2020-06-01
    modified2020-06-02
    plugin id61899
    published2012-09-06
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61899
    titleMandrake Linux Security Advisory : Zope (MDKSA-2001:025)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-043.NASL
    descriptionThis advisory covers several vulnerabilities in Zope that have been addressed.Hotfix 08_09_2000
    last seen2020-06-01
    modified2020-06-02
    plugin id14880
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14880
    titleDebian DSA-043-1 : zope

Redhat

advisories
rhsa
idRHSA-2001:021