Vulnerabilities > CVE-2008-5102 - Resource Management Errors vulnerability in Zope
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt Affected Versions * Zope 2.7.0 to Zope 2.11.2 --- http://openwall.com/lists/oss-security/2008/11/12/2 Affected Conga versions: - checked conga-0.9.1-8 (contains Zope2.7.5 RC2), conga-0.12.0-7.el5 (contains Zope-2.8.4), - but older,newer Conga versions can be also vulnerable to this issue (based on Zope 2 version).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Zope 2.11.2 PythonScript Multiple Remote Denial Of Service Vulnerabilities. CVE-2008-5102. Dos exploits for multiple platform |
| id | EDB-ID:32581 |
| last seen | 2016-02-03 |
| modified | 2008-11-12 |
| published | 2008-11-12 |
| reporter | Marc-Andre Lemburg |
| source | https://www.exploit-db.com/download/32581/ |
| title | Zope <= 2.11.2 PythonScript Multiple Remote Denial Of Service Vulnerabilities |
References
- http://bugs.gentoo.org/show_bug.cgi?id=246411
- http://mail.zope.org/pipermail/zope/2008-August/174025.html
- http://openwall.com/lists/oss-security/2008/11/12/2
- http://www.vupen.com/english/advisories/2008/2418
- http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz
- http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt
- https://bugs.launchpad.net/zope2/+bug/257269
- https://bugs.launchpad.net/zope2/+bug/257276