CVE-2000-0725
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/10/2000
Last modified:
10/09/2008
Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:* | ||
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
- http://www.debian.org/security/2000/20000821
- http://www.redhat.com/support/errata/RHSA-2000-052.html
- http://www.securityfocus.com/bid/1577
- http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert