Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-1211

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-1211
Last Modified 05 Sep 2008 04:22:55
Published 16 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-1211

Summary

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Vulnerable Systems

Application

  • Zope 2.2.0

  • Zope 2.2.0a1

  • Zope 2.2.0b1

  • Zope 2.2.0b2

  • Zope 2.2.0b3

  • Zope 2.2.0b4

  • Zope 2.2.1

  • Zope 2.2.1b1

  • Zope 2.2.2

  • Zope 2.2.3

  • Zope 2.2.4


References

CONFIRM - http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert

MANDRAKE - MDKSA-2000:083

REDHAT - RHSA-2000:125

OSVDB - 6282

XF - zope-legacy-names(5824)


Last Updated: 27 May 2016 10:36:04