Intelligence Center » Browse All Vulnerabilities » CVE-2000-0725
Overview |
|
| Vulnerability Score |  7.2 |
| CVE Id | CVE-2000-0725 |
| Last Modified | 10 Sep 2008 03:05:42 |
| Published | 20 Oct 2000 12:00:00 |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Access Vector | LOCAL |
| Access Complexity | LOW |
| Authentication | NONE |
CVE-2000-0725
Summary
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Vulnerable Systems
Application
Zope 1.10.3
Zope 2.1.1
Zope 2.1.7
Zope 2.2 Beta1
References
BID - 1577
BUGTRAQ - 20000821 Conectiva Linux Security Announcement - Zope
BUGTRAQ - 20000816 MDKSA-2000:035 Zope update
CONFIRM - http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
DEBIAN - 20000821 zope: unauthorized escalation of privilege (update)
REDHAT - RHSA-2000:052
IT Risk Posture:
Free Risk Assessment Tools
Application Scanner
Find vulnerabilities on your network.
Device Scanner
Find vulnerabilities on your network.
Patch Scanner
Find vulnerabilities on your network.
Last Updated: 27 May 2016 10:35:50
