Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2000-0725
Last Modified 10 Sep 2008 03:05:42
Published 20 Oct 2000 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0725

Summary

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Vulnerable Systems

Application

  • Zope 1.10.3
  • Zope 2.1.1
  • Zope 2.1.7
  • Zope 2.2 Beta1


References

BID - 1577

BUGTRAQ - 20000821 Conectiva Linux Security Announcement - Zope

BUGTRAQ - 20000816 MDKSA-2000:035 Zope update

CONFIRM - http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert

DEBIAN - 20000821 zope: unauthorized escalation of privilege (update)

REDHAT - RHSA-2000:052


Last Updated: 27 May 2016 10:35:50