Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1227

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1227
Last Modified 10 Sep 2008 03:09:58
Published 10 Oct 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1227

Summary

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Vulnerable Systems

Application

  • Zope 2.2.0

  • Zope 2.2.1

  • Zope 2.2.2

  • Zope 2.2.3

  • Zope 2.2.4

  • Zope 2.2.5


References

REDHAT - RHSA-2001:115

MANDRAKE - MDKSA-2001:080

XF - zope-fmt-access-methods(7271)

BID - 3425

REDHAT - RHSA-2001:072


Last Updated: 27 May 2016 10:36:34