Vulnerabilities > CVE-2009-2701 - Unspecified vulnerability in Zope Zodb

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

zope

NVD

Published: 2009-09-08

Updated: 2009-09-09

Summary

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Zope Zope Zodb 3.9.0 Zope Zodb 3.8.2 Zope Zodb 3.9.0B5 Zope Zodb 3.8.0 Zope Zodb 3.9.0B1 Zope Zodb 3.9.0B3 Zope Zodb 3.8 Zope Zodb 3.9.0C1 Zope Zodb 3.9.0B4 Zope Zodb 3.8.1 Zope Zodb 3.9.0B2	11

References

https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://pypi.python.org/pypi/ZODB3/3.8.3
http://www.vupen.com/english/advisories/2009/2534