Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2701

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2009-2701
Last Modified 09 Sep 2009 12:00:00
Published 08 Sep 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-2701

Summary

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Vulnerable Systems

Application

  • Zope Zodb 3.8

  • Zope Zodb 3.8.0

  • Zope Zodb 3.8.1

  • Zope Zodb 3.8.2

  • Zope Zodb 3.9.0

  • Zope Zodb 3.9.0b1

  • Zope Zodb 3.9.0b2

  • Zope Zodb 3.9.0b3

  • Zope Zodb 3.9.0b4

  • Zope Zodb 3.9.0b5

  • Zope Zodb 3.9.0c1


References

MLIST - [zope-announce] 20090901 CVE-2009-2701: Releases to fix ZODB ZEO server vulnerability

VUPEN - ADV-2009-2534

CONFIRM - http://pypi.python.org/pypi/ZODB3/3.9.0c2

CONFIRM - http://pypi.python.org/pypi/ZODB3/3.8.3


Last Updated: 27 May 2016 10:51:00