Vulnerabilities > CVE-2002-0170 - Unspecified vulnerability in Zope

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

zope

NVD

Published: 2002-04-22

Updated: 2016-10-18

Summary

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Vulnerable Configurations

Part	Description	Count
Application	Zope Zope Zope 2.2.0 Zope Zope 2.2.1 Zope Zope 2.2.2 Zope Zope 2.2.3 Zope Zope 2.2.4 Zope Zope 2.2.5 Zope Zope 2.3.0 Zope Zope 2.3.1 Zope Zope 2.3.2 Zope Zope 2.3.3 Zope Zope 2.4.0 Zope Zope 2.4.1 Zope Zope 2.4.2 Zope Zope 2.4.3 Zope Zope 2.4.4B1 Zope Zope 2.5.0 Zope Zope 2.5.1B1	17

Redhat

advisories

rhsa

id	RHSA-2002:060

References

http://marc.info/?l=bugtraq&m=101503023511996&w=2
http://www.iss.net/security_center/static/8334.php
http://www.osvdb.org/5350
http://www.redhat.com/support/errata/RHSA-2002-060.html
http://www.securityfocus.com/bid/4229
http://www.zope.org/Products/Zope/hotfixes/