Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0170

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0170
Last Modified 10 Sep 2008 08:00:38
Published 22 Apr 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0170

Summary

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Vulnerable Systems

Application

  • Zope 2.2.0

  • Zope 2.2.1

  • Zope 2.2.2

  • Zope 2.2.3

  • Zope 2.2.4

  • Zope 2.2.5

  • Zope 2.3.0

  • Zope 2.3.1

  • Zope 2.3.2

  • Zope 2.3.3

  • Zope 2.4.0

  • Zope 2.4.1

  • Zope 2.4.2

  • Zope 2.4.3

  • Zope 2.4.4b1

  • Zope 2.5.0

  • Zope 2.5.1b1


References

CONFIRM - http://www.zope.org/Products/Zope/hotfixes/

BID - 4229

REDHAT - RHSA-2002:060

OSVDB - 5350

XF - zope-proxy-role-privileges(8334)

BUGTRAQ - 20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]


Last Updated: 27 May 2016 10:36:48