Vulnerabilities > CVE-2009-2701 - Unspecified vulnerability in Zope Zodb

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

zope

NVD

Published: 2009-09-08

Updated: 2009-09-09

Summary

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Zope Zope Zodb 3.8 Zope Zodb 3.8.0 Zope Zodb 3.8.1 Zope Zodb 3.8.2 Zope Zodb 3.9.0 Zope Zodb 3.9.0B1 Zope Zodb 3.9.0B2 Zope Zodb 3.9.0B3 Zope Zodb 3.9.0B4 Zope Zodb 3.9.0B5 Zope Zodb 3.9.0C1	11

References

http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html