All the vulnerabilities related to zope - zope
cve-2001-0569
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
Summary
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
          },
          {
            "name": "RHSA-2001:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
          },
          {
            "name": "MDKSA-2001:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
          },
          {
            "name": "CLA-2001:382",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
        },
        {
          "name": "RHSA-2001:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
        },
        {
          "name": "MDKSA-2001:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
        },
        {
          "name": "CLA-2001:382",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0569",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-043",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-043"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
            },
            {
              "name": "RHSA-2001:021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
            },
            {
              "name": "MDKSA-2001:025",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
            },
            {
              "name": "CLA-2001:382",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0569",
    "datePublished": "2001-07-27T04:00:00",
    "dateReserved": "2001-07-27T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0062
Vulnerability from cvelistv5
Published
2000-04-18 04:00
Modified
2024-08-08 05:05
Severity ?
Summary
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:05:53.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000104222219.B41650%40schvin.net"
          },
          {
            "name": "922",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/922"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-01-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000104222219.B41650%40schvin.net"
        },
        {
          "name": "922",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/922"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000104222219.B41650@schvin.net"
            },
            {
              "name": "922",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/922"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0062",
    "datePublished": "2000-04-18T04:00:00",
    "dateReserved": "2000-01-22T00:00:00",
    "dateUpdated": "2024-08-08T05:05:53.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-2528
Vulnerability from cvelistv5
Published
2011-07-19 20:00
Modified
2024-08-06 23:08
Severity ?
Summary
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:08:21.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "45056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45056"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone/security/advisories/20110622"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824"
          },
          {
            "name": "[oss-security] 20110712 Re: CVE request: plone privilege escalation flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9"
          },
          {
            "name": "[zone-announce] 20110628 Security Hotfix 20110622 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone-hotfix/releases/20110622"
          },
          {
            "name": "45111",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/45111"
          },
          {
            "name": "[oss-security] 20110704 CVE request: plone privilege escalation flaw",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a \"highly serious vulnerability.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-07-19T20:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "45056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45056"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone/security/advisories/20110622"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824"
        },
        {
          "name": "[oss-security] 20110712 Re: CVE request: plone privilege escalation flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9"
        },
        {
          "name": "[zone-announce] 20110628 Security Hotfix 20110622 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone-hotfix/releases/20110622"
        },
        {
          "name": "45111",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/45111"
        },
        {
          "name": "[oss-security] 20110704 CVE request: plone privilege escalation flaw",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-2528",
    "datePublished": "2011-07-19T20:00:00Z",
    "dateReserved": "2011-06-15T00:00:00Z",
    "dateUpdated": "2024-08-06T23:08:21.987Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0240
Vulnerability from cvelistv5
Published
2007-03-22 18:00
Modified
2024-08-07 12:12
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
References
http://www.vupen.com/english/advisories/2007/1041 (vdb-entry, x_refsource_VUPEN)
http://www.debian.org/security/2007/dsa-1275 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/23084 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/24017 (third-party-advisory, x_refsource_SECUNIA)
http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html (vendor-advisory, x_refsource_SUSE)
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view (x_refsource_CONFIRM)
http://secunia.com/advisories/24713 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/25239 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33187 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-1041",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1041"
          },
          {
            "name": "DSA-1275",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1275"
          },
          {
            "name": "23084",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23084"
          },
          {
            "name": "24017",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24017"
          },
          {
            "name": "SUSE-SR:2007:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"
          },
          {
            "name": "24713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24713"
          },
          {
            "name": "25239",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25239"
          },
          {
            "name": "zope-unspecifiedget-xss(33187)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-1041",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1041"
        },
        {
          "name": "DSA-1275",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1275"
        },
        {
          "name": "23084",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23084"
        },
        {
          "name": "24017",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24017"
        },
        {
          "name": "SUSE-SR:2007:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"
        },
        {
          "name": "24713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24713"
        },
        {
          "name": "25239",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25239"
        },
        {
          "name": "zope-unspecifiedget-xss(33187)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33187"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0240",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-1041",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1041"
            },
            {
              "name": "DSA-1275",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1275"
            },
            {
              "name": "23084",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23084"
            },
            {
              "name": "24017",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24017"
            },
            {
              "name": "SUSE-SR:2007:011",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"
            },
            {
              "name": "24713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24713"
            },
            {
              "name": "25239",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25239"
            },
            {
              "name": "zope-unspecifiedget-xss(33187)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33187"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0240",
    "datePublished": "2007-03-22T18:00:00",
    "dateReserved": "2007-01-16T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6661
Vulnerability from cvelistv5
Published
2014-11-03 22:00
Modified
2024-09-16 23:22
Severity ?
Summary
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:02.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone/security/advisories/20121106/24"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone-hotfix/releases/20121124"
          },
          {
            "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-11-03T22:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone/security/advisories/20121106/24"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone-hotfix/releases/20121124"
        },
        {
          "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6661",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
              "refsource": "CONFIRM",
              "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
            },
            {
              "name": "https://bugs.launchpad.net/zope2/+bug/1071067",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
            },
            {
              "name": "https://plone.org/products/plone/security/advisories/20121106/24",
              "refsource": "CONFIRM",
              "url": "https://plone.org/products/plone/security/advisories/20121106/24"
            },
            {
              "name": "https://plone.org/products/plone-hotfix/releases/20121124",
              "refsource": "CONFIRM",
              "url": "https://plone.org/products/plone-hotfix/releases/20121124"
            },
            {
              "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6661",
    "datePublished": "2014-11-03T22:00:00Z",
    "dateReserved": "2014-11-03T00:00:00Z",
    "dateUpdated": "2024-09-16T23:22:11.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-1104
Vulnerability from cvelistv5
Published
2010-03-25 17:00
Modified
2024-08-07 01:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
References
http://www.vupen.com/english/advisories/2010/0104 (vdb-entry, x_refsource_VUPEN)
http://www.securityfocus.com/bid/37765 (vdb-entry, x_refsource_BID)
http://www.osvdb.org/61655 (vdb-entry, x_refsource_OSVDB)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55599 (vdb-entry, x_refsource_XF)
https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html (mailing-list, x_refsource_MLIST)
http://secunia.com/advisories/38007 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2010-0104",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0104"
          },
          {
            "name": "37765",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37765"
          },
          {
            "name": "61655",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/61655"
          },
          {
            "name": "zope-standarderrormessage-xss(55599)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"
          },
          {
            "name": "[zope-announce] 20100112 New Zope2 releases available",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"
          },
          {
            "name": "38007",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38007"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-01-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2010-0104",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0104"
        },
        {
          "name": "37765",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37765"
        },
        {
          "name": "61655",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/61655"
        },
        {
          "name": "zope-standarderrormessage-xss(55599)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"
        },
        {
          "name": "[zope-announce] 20100112 New Zope2 releases available",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"
        },
        {
          "name": "38007",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38007"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1104",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-0104",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0104"
            },
            {
              "name": "37765",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37765"
            },
            {
              "name": "61655",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/61655"
            },
            {
              "name": "zope-standarderrormessage-xss(55599)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"
            },
            {
              "name": "[zope-announce] 20100112 New Zope2 releases available",
              "refsource": "MLIST",
              "url": "https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"
            },
            {
              "name": "38007",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38007"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1104",
    "datePublished": "2010-03-25T17:00:00",
    "dateReserved": "2010-03-25T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-5145
Vulnerability from cvelistv5
Published
2017-08-07 17:00
Modified
2024-08-07 07:32
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:32:22.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/490514"
          },
          {
            "name": "72792",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72792/info"
          },
          {
            "name": "[oss-security] 20150302 Re: XSS In Zope",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/03/02/7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cve.killedkenny.io/cve/CVE-2009-5145"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/490514"
        },
        {
          "name": "72792",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72792/info"
        },
        {
          "name": "[oss-security] 20150302 Re: XSS In Zope",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/03/02/7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cve.killedkenny.io/cve/CVE-2009-5145"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-5145",
    "datePublished": "2017-08-07T17:00:00",
    "dateReserved": "2015-03-02T00:00:00",
    "dateUpdated": "2024-08-07T07:32:22.382Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42458
Vulnerability from cvelistv5
Published
2023-09-21 16:34
Modified
2024-09-24 15:04
Summary
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:23:38.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v"
          },
          {
            "name": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088"
          },
          {
            "name": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-42458",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T14:48:49.811652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:04:16.626Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zope",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.8.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.8.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-21T16:34:11.747Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v"
        },
        {
          "name": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088"
        },
        {
          "name": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
        }
      ],
      "source": {
        "advisory": "GHSA-wm8q-9975-xh5v",
        "discovery": "UNKNOWN"
      },
      "title": "Zope vulnerable to Stored Cross Site Scripting with SVG images"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-42458",
    "datePublished": "2023-09-21T16:34:11.747Z",
    "dateReserved": "2023-09-08T20:57:45.574Z",
    "dateUpdated": "2024-09-24T15:04:16.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-5102
Vulnerability from cvelistv5
Published
2008-11-17 18:00
Modified
2024-08-07 10:40
Severity ?
Summary
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Zope] 20080812 Script (Python) insecure ?",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope/2008-August/174025.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=246411"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/257269"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/257276"
          },
          {
            "name": "ADV-2008-2418",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2418"
          },
          {
            "name": "[oss-security] 20081112 CVE Request - Zope 2 - PythonScripts local DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2008/11/12/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-09-01T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[Zope] 20080812 Script (Python) insecure ?",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope/2008-August/174025.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=246411"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/257269"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/257276"
        },
        {
          "name": "ADV-2008-2418",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2418"
        },
        {
          "name": "[oss-security] 20081112 CVE Request - Zope 2 - PythonScripts local DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://openwall.com/lists/oss-security/2008/11/12/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5102",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[Zope] 20080812 Script (Python) insecure ?",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope/2008-August/174025.html"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=246411",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=246411"
            },
            {
              "name": "https://bugs.launchpad.net/zope2/+bug/257269",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/zope2/+bug/257269"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz"
            },
            {
              "name": "https://bugs.launchpad.net/zope2/+bug/257276",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/zope2/+bug/257276"
            },
            {
              "name": "ADV-2008-2418",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2418"
            },
            {
              "name": "[oss-security] 20081112 CVE Request - Zope 2 - PythonScripts local DoS",
              "refsource": "MLIST",
              "url": "http://openwall.com/lists/oss-security/2008/11/12/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5102",
    "datePublished": "2008-11-17T18:00:00",
    "dateReserved": "2008-11-17T00:00:00",
    "dateUpdated": "2024-08-07T10:40:17.174Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-1211
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 05:45
Severity ?
Summary
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:45:37.457Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert"
          },
          {
            "name": "MDKSA-2000:083",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3"
          },
          {
            "name": "zope-legacy-names(5824)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/5824.php"
          },
          {
            "name": "RHSA-2000:125",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-125.html"
          },
          {
            "name": "6282",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6282"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-12-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-18T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert"
        },
        {
          "name": "MDKSA-2000:083",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3"
        },
        {
          "name": "zope-legacy-names(5824)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/5824.php"
        },
        {
          "name": "RHSA-2000:125",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-125.html"
        },
        {
          "name": "6282",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6282"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-1211",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert"
            },
            {
              "name": "MDKSA-2000:083",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3"
            },
            {
              "name": "zope-legacy-names(5824)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/5824.php"
            },
            {
              "name": "RHSA-2000:125",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-125.html"
            },
            {
              "name": "6282",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6282"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-1211",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-08-16T00:00:00",
    "dateUpdated": "2024-08-08T05:45:37.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5489
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
Summary
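The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. (Note: "3.13.x" is reproduced as published in the CVE record; because the fixed release named for that branch is 2.13.11, it is probably a typo for 2.13.x, so confirm the affected range against the referenced Plone advisory before relying on it for version matching.)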
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
          },
          {
            "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone/security/advisories/20121106/05"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/1079238"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone-hotfix/releases/20121106"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-30T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
        },
        {
          "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone/security/advisories/20121106/05"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/1079238"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone-hotfix/releases/20121106"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5489",
    "datePublished": "2014-09-30T14:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.309Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32811
Vulnerability from cvelistv5
Published
2021-08-02 21:55
Modified
2024-08-03 23:33
Summary
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope "Manager" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.955Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zope",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0, \u003c 4.6.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0, \u003c 5.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one\u0027s Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope \"Manager\" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-915",
              "description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-02T21:55:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
        }
      ],
      "source": {
        "advisory": "GHSA-g4gq-j4p2-j8fr",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution via Script (Python) objects under Python 3",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32811",
          "STATE": "PUBLIC",
          "TITLE": "Remote Code Execution via Script (Python) objects under Python 3"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zope",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 4.0, \u003c 4.6.3"
                          },
                          {
                            "version_value": "\u003e= 5.0, \u003c 5.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zopefoundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one\u0027s Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope \"Manager\" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr",
              "refsource": "CONFIRM",
              "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
            },
            {
              "name": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf",
              "refsource": "MISC",
              "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
            },
            {
              "name": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988",
              "refsource": "MISC",
              "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-g4gq-j4p2-j8fr",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32811",
    "datePublished": "2021-08-02T21:55:11",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:33:55.955Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0567
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
Summary
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.679Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2001:049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3"
          },
          {
            "name": "zope-zclass-gain-privileges(6958)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6958"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert"
          },
          {
            "name": "DSA-055",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-055"
          },
          {
            "name": "RHSA-2001:065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-065.html"
          },
          {
            "name": "CLA-2001:407",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000407"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-03-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2001:049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3"
        },
        {
          "name": "zope-zclass-gain-privileges(6958)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6958"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert"
        },
        {
          "name": "DSA-055",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-055"
        },
        {
          "name": "RHSA-2001:065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-065.html"
        },
        {
          "name": "CLA-2001:407",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000407"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2001:049",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3"
            },
            {
              "name": "zope-zclass-gain-privileges(6958)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6958"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert"
            },
            {
              "name": "DSA-055",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-055"
            },
            {
              "name": "RHSA-2001:065",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-065.html"
            },
            {
              "name": "CLA-2001:407",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000407"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0567",
    "datePublished": "2002-03-09T05:00:00",
    "dateReserved": "2001-07-27T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0568
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
Summary
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:21:38.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-043",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-043"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
          },
          {
            "name": "RHSA-2001:021",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
          },
          {
            "name": "MDKSA-2001:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
          },
          {
            "name": "CLA-2001:382",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-21T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-043",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-043"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
        },
        {
          "name": "RHSA-2001:021",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
        },
        {
          "name": "MDKSA-2001:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
        },
        {
          "name": "CLA-2001:382",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-043",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-043"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
            },
            {
              "name": "RHSA-2001:021",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
            },
            {
              "name": "MDKSA-2001:025",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
            },
            {
              "name": "CLA-2001:382",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0568",
    "datePublished": "2001-07-27T04:00:00",
    "dateReserved": "2001-07-27T00:00:00",
    "dateUpdated": "2024-08-08T04:21:38.664Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-4924
Vulnerability from cvelistv5
Published
2019-11-25 17:03
Modified
2024-08-07 00:23
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, 2.12.x before 2.12.3, and 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:23:39.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2011-4924"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/01/19/18"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "zope2, zope3",
          "vendor": "zope",
          "versions": [
            {
              "status": "affected",
              "version": "2.8.x before 2.8.12"
            },
            {
              "status": "affected",
              "version": "2.9.x before 2.9.12"
            },
            {
              "status": "affected",
              "version": "2.10.x before 2.10.11"
            },
            {
              "status": "affected",
              "version": "2.11.x before 2.11.6"
            },
            {
              "status": "affected",
              "version": "and 2.12.x before 2.12.3"
            },
            {
              "status": "affected",
              "version": "3.1.1through 3.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incomplete upstream patch for CVE-2010-1104 issue",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-25T17:03:14",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2011-4924"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/01/19/18"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-4924",
    "datePublished": "2019-11-25T17:03:14",
    "dateReserved": "2011-12-23T00:00:00",
    "dateUpdated": "2024-08-07T00:23:39.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32633
Vulnerability from cvelistv5
Published
2021-05-21 13:55
Modified
2024-08-03 23:25
Summary
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"
          },
          {
            "name": "[oss-security] 20210521 Plone security hotfix 20210518",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1"
          },
          {
            "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zope",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0, \u003c 5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T11:47:33",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"
        },
        {
          "name": "[oss-security] 20210521 Plone security hotfix 20210518",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1"
        },
        {
          "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
        }
      ],
      "source": {
        "advisory": "GHSA-5pr9-v234-jw36",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution via traversal in TAL expressions",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32633",
          "STATE": "PUBLIC",
          "TITLE": "Remote Code Execution via traversal in TAL expressions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zope",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.6"
                          },
                          {
                            "version_value": "\u003e= 5.0, \u003c 5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zopefoundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36",
              "refsource": "CONFIRM",
              "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
            },
            {
              "name": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91",
              "refsource": "MISC",
              "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"
            },
            {
              "name": "[oss-security] 20210521 Plone security hotfix 20210518",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1"
            },
            {
              "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
            },
            {
              "name": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/",
              "refsource": "MISC",
              "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-5pr9-v234-jw36",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32633",
    "datePublished": "2021-05-21T13:55:10",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:25:30.947Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4684
Vulnerability from cvelistv5
Published
2006-09-19 18:00
Modified
2024-08-07 19:23
Severity ?
Summary
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
References
http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html (mailing-list, x_refsource_MLIST)
http://www.vupen.com/english/advisories/2006/3653 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/21953 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/20022 (vdb-entry, x_refsource_BID)
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt (x_refsource_CONFIRM)
http://www.debian.org/security/2006/dsa-1176 (vendor-advisory, x_refsource_DEBIAN)
http://secunia.com/advisories/21947 (third-party-advisory, x_refsource_SECUNIA)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Zope-Annce] 20060821 Hotfix for Further reST Integration Issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"
          },
          {
            "name": "ADV-2006-3653",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3653"
          },
          {
            "name": "21953",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21953"
          },
          {
            "name": "20022",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20022"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"
          },
          {
            "name": "DSA-1176",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1176"
          },
          {
            "name": "21947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21947"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2006-12-11T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[Zope-Annce] 20060821 Hotfix for Further reST Integration Issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"
        },
        {
          "name": "ADV-2006-3653",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3653"
        },
        {
          "name": "21953",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21953"
        },
        {
          "name": "20022",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20022"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"
        },
        {
          "name": "DSA-1176",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1176"
        },
        {
          "name": "21947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21947"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4684",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[Zope-Annce] 20060821 Hotfix for Further reST Integration Issue",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"
            },
            {
              "name": "ADV-2006-3653",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3653"
            },
            {
              "name": "21953",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21953"
            },
            {
              "name": "20022",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20022"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"
            },
            {
              "name": "DSA-1176",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1176"
            },
            {
              "name": "21947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21947"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4684",
    "datePublished": "2006-09-19T18:00:00",
    "dateReserved": "2006-09-11T00:00:00",
    "dateUpdated": "2024-08-07T19:23:41.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-3587
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 23:37
Severity ?
Summary
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:48.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297"
          },
          {
            "name": "46221",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
          },
          {
            "name": "46323",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46323"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone/security/advisories/20110928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone-hotfix/releases/20110928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-19T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297"
        },
        {
          "name": "46221",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
        },
        {
          "name": "46323",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46323"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone/security/advisories/20110928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone-hotfix/releases/20110928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3587",
    "datePublished": "2011-10-10T10:00:00",
    "dateReserved": "2011-09-21T00:00:00",
    "dateUpdated": "2024-08-06T23:37:48.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0170
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:42
Severity ?
Summary
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
References
http://marc.info/?l=bugtraq&m=101503023511996&w=2 (mailing-list, x_refsource_BUGTRAQ)
http://www.zope.org/Products/Zope/hotfixes/ (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/4229 (vdb-entry, x_refsource_BID)
http://www.redhat.com/support/errata/RHSA-2002-060.html (vendor-advisory, x_refsource_REDHAT)
http://www.iss.net/security_center/static/8334.php (vdb-entry, x_refsource_XF)
http://www.osvdb.org/5350 (vdb-entry, x_refsource_OSVDB)
Impacted products
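Vendor Product Version
n/a n/a n/a (the record's "affected" entry carries no structured product data; the affected versions are stated only in the summary text)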


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:42:28.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/hotfixes/"
          },
          {
            "name": "4229",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4229"
          },
          {
            "name": "RHSA-2002:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
          },
          {
            "name": "zope-proxy-role-privileges(8334)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/8334.php"
          },
          {
            "name": "5350",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5350"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-20T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/hotfixes/"
        },
        {
          "name": "4229",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4229"
        },
        {
          "name": "RHSA-2002:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
        },
        {
          "name": "zope-proxy-role-privileges(8334)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/8334.php"
        },
        {
          "name": "5350",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5350"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0170",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2"
            },
            {
              "name": "http://www.zope.org/Products/Zope/hotfixes/",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/hotfixes/"
            },
            {
              "name": "4229",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4229"
            },
            {
              "name": "RHSA-2002:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
            },
            {
              "name": "zope-proxy-role-privileges(8334)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/8334.php"
            },
            {
              "name": "5350",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5350"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0170",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-04-11T00:00:00",
    "dateUpdated": "2024-08-08T02:42:28.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1278
Vulnerability from cvelistv5
Published
2002-05-03 04:00
Modified
2024-08-08 04:51
Severity ?
Summary
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
References
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 (vendor-advisory, x_refsource_MANDRAKE)
http://www.redhat.com/support/errata/RHSA-2001-115.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/3425 (vdb-entry, x_refsource_BID)
Impacted products
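Vendor Product Version
n/a n/a n/a (the record's "affected" entry carries no structured product data; the affected versions are stated only in the summary text)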


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:51:07.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2001:080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
          },
          {
            "name": "RHSA-2001:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
          },
          {
            "name": "3425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3425"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-05-09T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2001:080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
        },
        {
          "name": "RHSA-2001:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
        },
        {
          "name": "3425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3425"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2001:080",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
            },
            {
              "name": "RHSA-2001:115",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
            },
            {
              "name": "3425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3425"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1278",
    "datePublished": "2002-05-03T04:00:00",
    "dateReserved": "2002-05-01T00:00:00",
    "dateUpdated": "2024-08-08T04:51:07.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0688
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
Summary
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
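References
http://www.debian.org/security/2004/dsa-490 (vendor-advisory, x_refsource_DEBIAN)
http://www.iss.net/security_center/static/9610.php (vdb-entry, x_refsource_XF)
http://www.redhat.com/support/errata/RHSA-2002-060.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/5812 (vdb-entry, x_refsource_BID)
http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert (x_refsource_CONFIRM)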
Impacted products
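Vendor Product Version
n/a n/a n/a (the record's "affected" entry carries no structured product data; the affected versions are stated only in the summary text)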


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-490",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-490"
          },
          {
            "name": "zope-zcatalog-index-bypass(9610)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9610.php"
          },
          {
            "name": "RHSA-2002:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
          },
          {
            "name": "5812",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-24T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-490",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-490"
        },
        {
          "name": "zope-zcatalog-index-bypass(9610)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9610.php"
        },
        {
          "name": "RHSA-2002:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
        },
        {
          "name": "5812",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0688",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-490",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-490"
            },
            {
              "name": "zope-zcatalog-index-bypass(9610)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9610.php"
            },
            {
              "name": "RHSA-2002:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
            },
            {
              "name": "5812",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5812"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0688",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-07-12T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-1227
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:51
Severity ?
Summary
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
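References
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 (vendor-advisory, x_refsource_MANDRAKE)
http://www.redhat.com/support/errata/RHSA-2001-115.html (vendor-advisory, x_refsource_REDHAT)
http://www.securityfocus.com/bid/3425 (vdb-entry, x_refsource_BID)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7271 (vdb-entry, x_refsource_XF)
http://www.redhat.com/support/errata/RHSA-2001-072.html (vendor-advisory, x_refsource_REDHAT)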
Impacted products
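Vendor Product Version
n/a n/a n/a (the record's "affected" entry carries no structured product data; the affected versions are stated only in the summary text)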


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:51:07.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2001:080",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
          },
          {
            "name": "RHSA-2001:115",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
          },
          {
            "name": "3425",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/3425"
          },
          {
            "name": "zope-fmt-access-methods(7271)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7271"
          },
          {
            "name": "RHSA-2001:072",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2001-072.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-06-16T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2001:080",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
        },
        {
          "name": "RHSA-2001:115",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
        },
        {
          "name": "3425",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/3425"
        },
        {
          "name": "zope-fmt-access-methods(7271)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7271"
        },
        {
          "name": "RHSA-2001:072",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2001-072.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-1227",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2001:080",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
            },
            {
              "name": "RHSA-2001:115",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
            },
            {
              "name": "3425",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/3425"
            },
            {
              "name": "zope-fmt-access-methods(7271)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7271"
            },
            {
              "name": "RHSA-2001:072",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2001-072.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-1227",
    "datePublished": "2002-06-25T04:00:00",
    "dateReserved": "2002-04-11T00:00:00",
    "dateUpdated": "2024-08-08T04:51:07.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5486
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
Summary
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.236Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/930812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone/security/advisories/20121106/02"
          },
          {
            "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone-hotfix/releases/20121106"
          },
          {
            "name": "RHSA-2014:1194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-06T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/930812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone/security/advisories/20121106/02"
        },
        {
          "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone-hotfix/releases/20121106"
        },
        {
          "name": "RHSA-2014:1194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5486",
    "datePublished": "2014-09-30T14:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0687
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
Summary
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T02:56:38.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "5813",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/5813"
          },
          {
            "name": "RHSA-2002:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
          },
          {
            "name": "5166",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/5166"
          },
          {
            "name": "zope-inject-headers-dos(9621)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9621.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The \"through the web code\" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-03-24T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "5813",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/5813"
        },
        {
          "name": "RHSA-2002:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
        },
        {
          "name": "5166",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/5166"
        },
        {
          "name": "zope-inject-headers-dos(9621)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9621.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The \"through the web code\" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "5813",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/5813"
            },
            {
              "name": "RHSA-2002:060",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
            },
            {
              "name": "5166",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/5166"
            },
            {
              "name": "zope-inject-headers-dos(9621)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9621.php"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0687",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-07-12T00:00:00",
    "dateUpdated": "2024-08-08T02:56:38.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-32674
Vulnerability from cvelistv5
Published
2021-06-08 17:45
Modified
2024-08-03 23:25
Summary
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the 'os' module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:31.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://pypi.org/project/Zope/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zope",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.2.1"
            },
            {
              "status": "affected",
              "version": "\u003c 4.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the \u0027os\u0027 module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-17T16:29:37",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://pypi.org/project/Zope/"
        }
      ],
      "source": {
        "advisory": "GHSA-rpcg-f9q6-2mq6",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution via traversal in TAL expressions",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32674",
          "STATE": "PUBLIC",
          "TITLE": "Remote Code Execution via traversal in TAL expressions"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Zope",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 5.0.0, \u003c 5.2.1"
                          },
                          {
                            "version_value": "\u003c 4.6.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "zopefoundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the \u0027os\u0027 module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6",
              "refsource": "CONFIRM",
              "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
            },
            {
              "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36",
              "refsource": "MISC",
              "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
            },
            {
              "name": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21",
              "refsource": "MISC",
              "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
            },
            {
              "name": "https://pypi.org/project/Zope/",
              "refsource": "MISC",
              "url": "https://pypi.org/project/Zope/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-rpcg-f9q6-2mq6",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32674",
    "datePublished": "2021-06-08T17:45:12",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:25:31.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-1212
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 05:45
Severity ?
Summary
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:45:37.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2000:086",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
          },
          {
            "name": "DSA-007",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2001/dsa-007"
          },
          {
            "name": "RHSA-2000:135",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
          },
          {
            "name": "zope-image-file(5778)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
          },
          {
            "name": "6283",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6283"
          },
          {
            "name": "CLA-2000:365",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-12-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-09-10T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2000:086",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
        },
        {
          "name": "DSA-007",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2001/dsa-007"
        },
        {
          "name": "RHSA-2000:135",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
        },
        {
          "name": "zope-image-file(5778)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
        },
        {
          "name": "6283",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6283"
        },
        {
          "name": "CLA-2000:365",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-1212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2000:086",
              "refsource": "MANDRAKE",
              "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
            },
            {
              "name": "DSA-007",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2001/dsa-007"
            },
            {
              "name": "RHSA-2000:135",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
            },
            {
              "name": "zope-image-file(5778)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
            },
            {
              "name": "6283",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6283"
            },
            {
              "name": "CLA-2000:365",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-1212",
    "datePublished": "2003-04-02T05:00:00",
    "dateReserved": "2002-08-16T00:00:00",
    "dateUpdated": "2024-08-08T05:45:37.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3323
Vulnerability from cvelistv5
Published
2005-10-27 04:00
Modified
2024-08-07 23:10
Severity ?
Summary
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
References
http://secunia.com/advisories/17676 (third-party-advisory, x_refsource_SECUNIA)
http://www.securityfocus.com/bid/15082 (vdb-entry, x_refsource_BID)
http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert (x_refsource_CONFIRM)
http://www.debian.org/security/2005/dsa-910 (vendor-advisory, x_refsource_DEBIAN)
https://usn.ubuntu.com/229-1/ (vendor-advisory, x_refsource_UBUNTU)
http://secunia.com/advisories/17309 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/17173 (third-party-advisory, x_refsource_SECUNIA)
http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml (vendor-advisory, x_refsource_GENTOO)
http://www.novell.com/linux/security/advisories/2005_27_sr.html (vendor-advisory, x_refsource_SUSE)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:10:08.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17676",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17676"
          },
          {
            "name": "15082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert"
          },
          {
            "name": "DSA-910",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-910"
          },
          {
            "name": "USN-229-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/229-1/"
          },
          {
            "name": "17309",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17309"
          },
          {
            "name": "17173",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17173"
          },
          {
            "name": "GLSA-200510-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml"
          },
          {
            "name": "SUSE-SR:2005:027",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "17676",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17676"
        },
        {
          "name": "15082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert"
        },
        {
          "name": "DSA-910",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-910"
        },
        {
          "name": "USN-229-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/229-1/"
        },
        {
          "name": "17309",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17309"
        },
        {
          "name": "17173",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17173"
        },
        {
          "name": "GLSA-200510-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml"
        },
        {
          "name": "SUSE-SR:2005:027",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3323",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17676",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17676"
            },
            {
              "name": "15082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15082"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert"
            },
            {
              "name": "DSA-910",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-910"
            },
            {
              "name": "USN-229-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/229-1/"
            },
            {
              "name": "17309",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17309"
            },
            {
              "name": "17173",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17173"
            },
            {
              "name": "GLSA-200510-20",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml"
            },
            {
              "name": "SUSE-SR:2005:027",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3323",
    "datePublished": "2005-10-27T04:00:00",
    "dateReserved": "2005-10-27T00:00:00",
    "dateUpdated": "2024-08-07T23:10:08.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0128
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
Summary
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:06:55.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "6284",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/6284"
          },
          {
            "name": "RHSA-2000:127",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
          },
          {
            "name": "zope-calculate-roles(5777)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
          },
          {
            "name": "MDKSA-2000-083",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
          },
          {
            "name": "FreeBSD-SA-01:06",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
          },
          {
            "name": "CLA-2000:365",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
          },
          {
            "name": "DSA-006-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2000/20001219"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-12-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "6284",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/6284"
        },
        {
          "name": "RHSA-2000:127",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
        },
        {
          "name": "zope-calculate-roles(5777)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
        },
        {
          "name": "MDKSA-2000-083",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
        },
        {
          "name": "FreeBSD-SA-01:06",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
        },
        {
          "name": "CLA-2000:365",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
        },
        {
          "name": "DSA-006-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2000/20001219"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "6284",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/6284"
            },
            {
              "name": "RHSA-2000:127",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
            },
            {
              "name": "zope-calculate-roles(5777)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
            },
            {
              "name": "MDKSA-2000-083",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
            },
            {
              "name": "FreeBSD-SA-01:06",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
            },
            {
              "name": "CLA-2000:365",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
            },
            {
              "name": "DSA-006-1",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2000/20001219"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0128",
    "datePublished": "2001-05-07T04:00:00",
    "dateReserved": "2001-02-06T00:00:00",
    "dateUpdated": "2024-08-08T04:06:55.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-44389
Vulnerability from cvelistv5
Published
2023-10-04 20:07
Modified
2024-11-27 16:15
Summary
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:07:32.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh"
          },
          {
            "name": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a"
          },
          {
            "name": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-44389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-02T16:01:20.588939Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T16:15:46.357Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Zope",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.8.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.8.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-10T21:48:55.985Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh"
        },
        {
          "name": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a"
        },
        {
          "name": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d"
        }
      ],
      "source": {
        "advisory": "GHSA-m755-gxxg-r5qh",
        "discovery": "UNKNOWN"
      },
      "title": "Zope management interface vulnerable to stored cross site scripting via the title property"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-44389",
    "datePublished": "2023-10-04T20:07:34.274Z",
    "dateReserved": "2023-09-28T17:56:32.613Z",
    "dateUpdated": "2024-11-27T16:15:46.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0483
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:21
Severity ?
Summary
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:21:30.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html"
          },
          {
            "name": "zope-dtml-remote-modify(4716)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4716"
          },
          {
            "name": "20000728 MDKSA-2000:026 Zope update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html"
          },
          {
            "name": "FreeBSD-SA-00:38",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc"
          },
          {
            "name": "RHSA-2000:038",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert"
          },
          {
            "name": "1354",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1354"
          },
          {
            "name": "2000615 Conectiva Linux Security Announcement - ZOPE",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000616103807.A3768%40conectiva.com.br"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html"
        },
        {
          "name": "zope-dtml-remote-modify(4716)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4716"
        },
        {
          "name": "20000728 MDKSA-2000:026 Zope update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html"
        },
        {
          "name": "FreeBSD-SA-00:38",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc"
        },
        {
          "name": "RHSA-2000:038",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert"
        },
        {
          "name": "1354",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1354"
        },
        {
          "name": "2000615 Conectiva Linux Security Announcement - ZOPE",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000616103807.A3768%40conectiva.com.br"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0483",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html"
            },
            {
              "name": "zope-dtml-remote-modify(4716)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4716"
            },
            {
              "name": "20000728 MDKSA-2000:026 Zope update",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html"
            },
            {
              "name": "FreeBSD-SA-00:38",
              "refsource": "FREEBSD",
              "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc"
            },
            {
              "name": "RHSA-2000:038",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-038.html"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert"
            },
            {
              "name": "1354",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1354"
            },
            {
              "name": "2000615 Conectiva Linux Security Announcement - ZOPE",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000616103807.A3768@conectiva.com.br"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0483",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "2000-07-11T00:00:00",
    "dateUpdated": "2024-08-08T05:21:30.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3198
Vulnerability from cvelistv5
Published
2010-09-08 19:00
Modified
2024-09-16 16:22
Severity ?
Summary
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
          },
          {
            "name": "ADV-2010-2275",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2275"
          },
          {
            "name": "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
          },
          {
            "name": "42939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/627988"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-09-08T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
        },
        {
          "name": "ADV-2010-2275",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2275"
        },
        {
          "name": "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
        },
        {
          "name": "42939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/627988"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3198",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
            },
            {
              "name": "ADV-2010-2275",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2275"
            },
            {
              "name": "[zope-announce] 20100901 Annoucement: Zope 2.10.12 and 2.11.7 Released",
              "refsource": "MLIST",
              "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
            },
            {
              "name": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
            },
            {
              "name": "42939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/42939"
            },
            {
              "name": "https://bugs.launchpad.net/zope2/+bug/627988",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/zope2/+bug/627988"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3198",
    "datePublished": "2010-09-08T19:00:00Z",
    "dateReserved": "2010-08-31T00:00:00Z",
    "dateUpdated": "2024-09-16T16:22:53.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-33507
Vulnerability from cvelistv5
Published
2021-05-21 21:33
Modified
2024-08-03 23:50
Severity ?
Summary
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"
          },
          {
            "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-22T17:06:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"
        },
        {
          "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots",
              "refsource": "MISC",
              "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"
            },
            {
              "name": "[oss-security] 20210522 Re: Plone security hotfix 20210518",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33507",
    "datePublished": "2021-05-21T21:33:31",
    "dateReserved": "2021-05-21T00:00:00",
    "dateUpdated": "2024-08-03T23:50:42.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3458
Vulnerability from cvelistv5
Published
2006-07-07 23:00
Modified
2024-08-07 18:30
Severity ?
Summary
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
http://secunia.com/advisories/21025 (third-party-advisory, x_refsource_SECUNIA)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27636 (vdb-entry, x_refsource_XF)
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt (x_refsource_CONFIRM)
http://www.vupen.com/english/advisories/2006/2681 (vdb-entry, x_refsource_VUPEN)
http://secunia.com/advisories/21130 (third-party-advisory, x_refsource_SECUNIA)
http://secunia.com/advisories/21459 (third-party-advisory, x_refsource_SECUNIA)
http://www.novell.com/linux/security/advisories/2006_19_sr.html (vendor-advisory, x_refsource_SUSE)
http://www.debian.org/security/2006/dsa-1113 (vendor-advisory, x_refsource_DEBIAN)
http://www.securityfocus.com/bid/18856 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/20988 (third-party-advisory, x_refsource_SECUNIA)
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html (mailing-list, x_refsource_MLIST)
https://usn.ubuntu.com/317-1/ (vendor-advisory, x_refsource_UBUNTU)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21025"
          },
          {
            "name": "zope-docutils-information-disclosure(27636)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
          },
          {
            "name": "ADV-2006-2681",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2681"
          },
          {
            "name": "21130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21130"
          },
          {
            "name": "21459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21459"
          },
          {
            "name": "SUSE-SR:2006:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
          },
          {
            "name": "DSA-1113",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1113"
          },
          {
            "name": "18856",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18856"
          },
          {
            "name": "20988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20988"
          },
          {
            "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
          },
          {
            "name": "USN-317-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/317-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21025"
        },
        {
          "name": "zope-docutils-information-disclosure(27636)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
        },
        {
          "name": "ADV-2006-2681",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2681"
        },
        {
          "name": "21130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21130"
        },
        {
          "name": "21459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21459"
        },
        {
          "name": "SUSE-SR:2006:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
        },
        {
          "name": "DSA-1113",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1113"
        },
        {
          "name": "18856",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18856"
        },
        {
          "name": "20988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20988"
        },
        {
          "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
        },
        {
          "name": "USN-317-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/317-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21025"
            },
            {
              "name": "zope-docutils-information-disclosure(27636)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
            },
            {
              "name": "ADV-2006-2681",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2681"
            },
            {
              "name": "21130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21130"
            },
            {
              "name": "21459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "SUSE-SR:2006:019",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "DSA-1113",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1113"
            },
            {
              "name": "18856",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18856"
            },
            {
              "name": "20988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20988"
            },
            {
              "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
            },
            {
              "name": "USN-317-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/317-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3458",
    "datePublished": "2006-07-07T23:00:00",
    "dateReserved": "2006-07-07T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0725
Vulnerability from cvelistv5
Published
2000-10-13 04:00
Modified
2024-08-08 05:28
Severity ?
Summary
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:28:41.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20000821 Conectiva Linux Security Announcement - Zope",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html"
          },
          {
            "name": "20000821 zope: unauthorized escalation of privilege (update)",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2000/20000821"
          },
          {
            "name": "1577",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/1577"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert"
          },
          {
            "name": "RHSA-2000:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2000-052.html"
          },
          {
            "name": "20000816 MDKSA-2000:035 Zope update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2004-09-02T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20000821 Conectiva Linux Security Announcement - Zope",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html"
        },
        {
          "name": "20000821 zope: unauthorized escalation of privilege (update)",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2000/20000821"
        },
        {
          "name": "1577",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/1577"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert"
        },
        {
          "name": "RHSA-2000:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2000-052.html"
        },
        {
          "name": "20000816 MDKSA-2000:035 Zope update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0725",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20000821 Conectiva Linux Security Announcement - Zope",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html"
            },
            {
              "name": "20000821 zope: unauthorized escalation of privilege (update)",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2000/20000821"
            },
            {
              "name": "1577",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/1577"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert"
            },
            {
              "name": "RHSA-2000:052",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2000-052.html"
            },
            {
              "name": "20000816 MDKSA-2000:035 Zope update",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0725",
    "datePublished": "2000-10-13T04:00:00",
    "dateReserved": "2000-09-19T00:00:00",
    "dateUpdated": "2024-08-08T05:28:41.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-5507
Vulnerability from cvelistv5
Published
2014-09-30 14:00
Modified
2024-08-06 21:05
Severity ?
Summary
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.261Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
          },
          {
            "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone-hotfix/releases/20121106"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://plone.org/products/plone/security/advisories/20121106/23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-09-30T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
        },
        {
          "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors  corrected within 20121106 fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone-hotfix/releases/20121106"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://plone.org/products/plone/security/advisories/20121106/23"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-5507",
    "datePublished": "2014-09-30T14:00:00",
    "dateReserved": "2012-10-24T00:00:00",
    "dateUpdated": "2024-08-06T21:05:47.261Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-41050
Vulnerability from cvelistv5
Published
2023-09-06 17:58
Modified
2024-09-26 15:19
Summary
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c"
          },
          {
            "name": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T14:47:49.544178Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:19:50.945Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AccessControl",
          "vendor": "zopefoundation",
          "versions": [
            {
              "status": "affected",
              "version": "AccessControl: \u003c 4.4"
            },
            {
              "status": "affected",
              "version": "AccessControl: \u003e= 5.0, \u003c 5.8"
            },
            {
              "status": "affected",
              "version": "AccessControl: \u003e= 6.0, \u003c 6.2"
            },
            {
              "status": "affected",
              "version": "Zope:  \u003c 4.8.9"
            },
            {
              "status": "affected",
              "version": "Zope:  \u003e= 5.0.0, \u003c 5.8.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AccessControl provides a general security framework for use in Zope. Python\u0027s \"format\" functionality allows someone controlling the format string to \"read\" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python\u0027s full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T17:58:10.510Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c"
        },
        {
          "name": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9"
        }
      ],
      "source": {
        "advisory": "GHSA-8xv7-89vj-q48c",
        "discovery": "UNKNOWN"
      },
      "title": "Information disclosure through Python\u0027s \"format\" functionality in Zope AccessControl"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-41050",
    "datePublished": "2023-09-06T17:58:10.510Z",
    "dateReserved": "2023-08-22T16:57:23.933Z",
    "dateUpdated": "2024-09-26T15:19:50.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-1211
Vulnerability from fkie_nvd
Published
2000-12-16 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
Impacted products
Vendor Product Version
zope zope 2.2.0
zope zope 2.2.0a1
zope zope 2.2.0b1
zope zope 2.2.0b2
zope zope 2.2.0b3
zope zope 2.2.0b4
zope zope 2.2.1
zope zope 2.2.1b1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4E13A0-7384-49E3-A848-8E864C340F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA5CE15-530A-400D-9FDF-7044CD8C6DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC30CD-684E-4C53-833E-6EF2C8D1A3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABDC050-BF8B-4F8C-9FCD-4B0D86E46D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91E72CC-8AEA-49E5-BB7D-3C16E2E30A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EBD292-5FC6-4463-B085-A34D1DFDB0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities."
    }
  ],
  "id": "CVE-2000-1211",
  "lastModified": "2024-11-20T23:34:16.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-12-16T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/5824.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-125.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/5824.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-125.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2001-1278
Vulnerability from fkie_nvd
Published
2001-10-10 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Impacted products
Vendor Product Version
zope zope 2.2.0
zope zope 2.2.1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
    }
  ],
  "id": "CVE-2001-1278",
  "lastModified": "2024-11-20T23:37:18.880",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-10-10T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3425"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2000-1212
Vulnerability from fkie_nvd
Published
2000-12-18 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Impacted products
Vendor Product Version
zope zope 2.2.0
zope zope 2.2.0a1
zope zope 2.2.0b1
zope zope 2.2.0b2
zope zope 2.2.0b3
zope zope 2.2.0b4
zope zope 2.2.1
zope zope 2.2.1b1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4E13A0-7384-49E3-A848-8E864C340F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA5CE15-530A-400D-9FDF-7044CD8C6DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC30CD-684E-4C53-833E-6EF2C8D1A3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABDC050-BF8B-4F8C-9FCD-4B0D86E46D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91E72CC-8AEA-49E5-BB7D-3C16E2E30A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EBD292-5FC6-4463-B085-A34D1DFDB0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects."
    }
  ],
  "id": "CVE-2000-1212",
  "lastModified": "2024-11-20T23:34:16.280",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-12-18T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2001/dsa-007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2001/dsa-007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-19 18:07
Modified
2024-11-21 00:16
Severity ?
Summary
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Impacted products
Vendor Product Version
zope zope 2.7.0
zope zope 2.7.1
zope zope 2.7.2
zope zope 2.7.3
zope zope 2.7.4
zope zope 2.7.5
zope zope 2.7.6
zope zope 2.7.7
zope zope 2.7.8
zope zope 2.7.9
zope zope 2.8.0
zope zope 2.8.1
zope zope 2.8.2
zope zope 2.8.3
zope zope 2.8.4
zope zope 2.8.5
zope zope 2.8.6
zope zope 2.8.7
zope zope 2.8.8



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF9B22D-6EF3-4364-A016-041457C4DFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88153606-52FE-4C0B-88CD-B76538C19055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "84DFC911-D226-4F8C-840A-D5F6EBBBF0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234C776B-C053-484C-ADE4-ED270064943F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo docutils en Zope (Zope2) desde 2.7.0 hasta 2.7.9 y desde 2.8.0 hasta 2.8.8 no maneja adecuadamente p\u00e1ginas web con el marcado reStructuredText (reST), lo cual permite a atacantes remotos leer ficheros de su elecci\u00f3n v\u00eda una directiva csv_table, una vulnerabilidad diferente que CVE-2006-3458."
    }
  ],
  "id": "CVE-2006-4684",
  "lastModified": "2024-11-21T00:16:32.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-19T18:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20022"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3653"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-08-22 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
Impacted products
Vendor Product Version
zope zope * (up to and including 2.3.1_b1)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "602119E0-1562-4175-AC81-BB057BE2C1BE",
              "versionEndIncluding": "2.3.1_b1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes."
    }
  ],
  "id": "CVE-2001-0568",
  "lastModified": "2024-11-20T23:35:40.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-08-22T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-10-27 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
References
cve@mitre.org | http://secunia.com/advisories/17173 | Third Party Advisory
cve@mitre.org | http://secunia.com/advisories/17309 | Third Party Advisory
cve@mitre.org | http://secunia.com/advisories/17676 | Third Party Advisory
cve@mitre.org | http://www.debian.org/security/2005/dsa-910 | Third Party Advisory
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml | Third Party Advisory
cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_27_sr.html | Third Party Advisory
cve@mitre.org | http://www.securityfocus.com/bid/15082 | Third Party Advisory, VDB Entry
cve@mitre.org | http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert | Patch, Vendor Advisory
cve@mitre.org | https://usn.ubuntu.com/229-1/
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17173 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17309 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17676 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-910 | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_27_sr.html | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15082 | Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 | http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/229-1/
Impacted products
Vendor Product Version
zope zope * (from 2.7.0 up to, but not including, 2.7.8)
zope zope * (from 2.8.0 up to, but not including, 2.8.2)
zope zope 2.6
debian debian_linux 3.0
debian debian_linux 3.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A511D4F-3037-4DCB-B1FC-5CFAAFE840B4",
              "versionEndExcluding": "2.7.8",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC2F1054-D310-472D-9610-A66155B86CBC",
              "versionEndExcluding": "2.8.2",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3C3F478-1C30-4FB6-8983-A8D863D6FB0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality."
    }
  ],
  "id": "CVE-2005-3323",
  "lastModified": "2024-11-21T00:01:37.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-10-27T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17173"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17309"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17676"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-910"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15082"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/229-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/17676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/15082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/229-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-21 17:15
Modified
2024-11-21 08:22
Summary
Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission.
Impacted products
Vendor Product Version
zope zope * (up to, but not including, 4.8.10)
zope zope * (from 5.0.0 up to, but not including, 5.8.5)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E52EB57-D398-4D1B-8AB1-7D2B97991DC3",
              "versionEndExcluding": "4.8.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C57E3B-BC61-4FAF-A431-4E9C9402F251",
              "versionEndExcluding": "5.8.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the \"Add Documents, Images, and Files\" permission is only assigned to trusted roles. By default, only the Manager has this permission."
    },
    {
      "lang": "es",
      "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. Antes de las versiones 4.8.10 y 5.8.5, existe una vulnerabilidad de Cross Site Scripting almacenado para im\u00e1genes SVG. Tenga en cuenta que una etiqueta de imagen con una imagen SVG como fuente nunca es vulnerable, incluso cuando la imagen SVG contiene c\u00f3digo malicioso. Para explotar la vulnerabilidad, un atacante primero tendr\u00eda que cargar una imagen y luego enga\u00f1ar al usuario para que siga un enlace especialmente manipulado. Los parches est\u00e1n disponibles en Zope 4.8.10 y 5.8.5. Como workaround, aseg\u00farese de que el permiso \"Add Documents, Images, and Files\" solo est\u00e9 asignado a roles confiables. De forma predeterminada, s\u00f3lo el Administrador tiene este permiso."
    }
  ],
  "id": "CVE-2023-42458",
  "lastModified": "2024-11-21T08:22:34.657",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-21T17:15:22.483",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/09/22/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/26a55dbc301db417f47cafda6fe0f983b5690088"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/603b0a12881c90a072a7a65e32d47ed898ce37cb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-wm8q-9975-xh5v"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-03-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:linux_powertools:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEE3A85-0A4C-4763-A141-AC27ECFDC2AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:linux_powertools:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AE3BF4-237D-4D84-9753-512A642141A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:linux_powertools:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C50F9824-A12E-488E-A735-14696E11F847",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7B8C8F-0A2D-4C55-9648-DA2B583EBA44",
              "versionEndIncluding": "2.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "612AC3B1-8E55-437F-9600-67EA1A8BAD48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "537A5C29-D770-4755-A6AB-8916754E14DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AC05A9-04DA-4ED3-94D8-3254384CB724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:conectiva:linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE4BBA3-7332-45EE-8C29-BE5A473B559D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:freebsd:freebsd:6.2:stable:*:*:*:*:*:*",
              "matchCriteriaId": "32FCB0B3-8FBE-49FA-B17E-0D5462C9E5B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC1FF5D-5EAB-44D5-B281-770547C70D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A8FBD5A-2FD0-43CD-AC4B-1D6984D336FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC4D3AB-38FA-4D44-AF5C-2DCD15994E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges."
    }
  ],
  "id": "CVE-2001-0128",
  "lastModified": "2024-11-20T23:34:40.103",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-03-12T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2000/20001219"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/6284"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2000/20001219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/6284"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-127.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5777"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-04-22 04:00
Modified
2024-11-20 23:38
Severity ?
Summary
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
Impacted products
Vendor Product Version
zope zope 2.2.0
zope zope 2.2.1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4
zope zope 2.2.5
zope zope 2.3.0
zope zope 2.3.1
zope zope 2.3.2
zope zope 2.3.3
zope zope 2.4.0
zope zope 2.4.1
zope zope 2.4.2
zope zope 2.4.3
zope zope 2.4.4b1
zope zope 2.5.0
zope zope 2.5.1b1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "925BC42D-02B5-4B6F-ADC6-156407868276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DE8A9F-432B-40C3-9A7E-3472E2AF0131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B34354C-3369-4926-9DFC-44608A1BC82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "143AD011-2D33-43E1-AFEA-7C1BC96CBDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D73A2B-7D4B-43BA-B7D7-E1FE397BD577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DFA87E-DC83-40A8-AAC1-40B37F024255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4701F71F-D467-4C9E-8819-9E4361AB1C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A37024-4562-451B-B1C0-CD27DD694F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6881C300-3639-4B31-8182-C9DACE3F4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.4b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D58B127-6410-4D56-9ACA-A453C64ACD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "219AC292-9793-4FA6-A6E8-9E6D922AFC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F42437-4591-4E5C-8AF2-C8EF6BCB694C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration."
    },
    {
      "lang": "es",
      "value": "Zope 2.2.0 a 2.5.1 no verifica adecuadamente el acceso a objetos con perfiles del proxy, lo que podr\u00eda permitir a algunos usuarios acceder a documentos violando la configuraci\u00f3n pretendida."
    }
  ],
  "id": "CVE-2002-0170",
  "lastModified": "2024-11-20T23:38:28.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-04-22T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/8334.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/5350"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/4229"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/hotfixes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/8334.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/5350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/4229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/hotfixes/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-07-23 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Impacted products
Vendor Product Version
zope zope * (up to and including 2.5.1b1)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC7D1226-F918-4D63-BD84-2946DFE286E7",
              "versionEndIncluding": "2.5.1b1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The \"through the web code\" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers."
    },
    {
      "lang": "es",
      "value": "La capacidad through the web code de Zope desde la versi\u00f3n 2.0 a la 2.5.1 b1, permite a usuarios no fiables parar el servidor mediante ciertas cabeceras."
    }
  ],
  "id": "CVE-2002-0687",
  "lastModified": "2024-11-20T23:39:38.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-23T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9621.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/5166"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5813"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9621.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/5166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
Impacted products
Vendor Product Version
plone plone * (up to and including 4.2.2)
plone plone 1.0
plone plone 1.0.1
plone plone 1.0.2
plone plone 1.0.3
plone plone 1.0.4
plone plone 1.0.5
plone plone 1.0.6
plone plone 2.0
plone plone 2.0.1
plone plone 2.0.2
plone plone 2.0.3
plone plone 2.0.4
plone plone 2.0.5
plone plone 2.1
plone plone 2.1.1
plone plone 2.1.2
plone plone 2.1.3
plone plone 2.1.4
plone plone 2.5
plone plone 2.5.1
plone plone 2.5.2
plone plone 2.5.3
plone plone 2.5.4
plone plone 2.5.5
plone plone 3.0
plone plone 3.0.1
plone plone 3.0.2
plone plone 3.0.3
plone plone 3.0.4
plone plone 3.0.5
plone plone 3.0.6
plone plone 3.1
plone plone 3.1.1
plone plone 3.1.2
plone plone 3.1.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 3.1.6
plone plone 3.1.7
plone plone 3.2
plone plone 3.2.1
plone plone 3.2.2
plone plone 3.2.3
plone plone 3.3
plone plone 3.3.1
plone plone 3.3.2
plone plone 3.3.3
plone plone 3.3.4
plone plone 3.3.5
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.1
plone plone 4.1.4
plone plone 4.1.5
plone plone 4.1.6
plone plone 4.2
plone plone 4.2 a1
plone plone 4.2 a2
plone plone 4.2 b1
plone plone 4.2 b2
plone plone 4.2 rc1
plone plone 4.2 rc2
plone plone 4.2.0.1
plone plone 4.2.1
plone plone 4.2.1.1
plone plone 4.3
zope zope 2.5.1
zope zope 2.6.1
zope zope 2.6.4
zope zope 2.7.0
zope zope 2.7.3
zope zope 2.7.4
zope zope 2.7.5
zope zope 2.7.6
zope zope 2.7.7
zope zope 2.7.8
zope zope 2.8.1
zope zope 2.8.4
zope zope 2.8.6
zope zope 2.8.8
zope zope 2.9.2
zope zope 2.9.3
zope zope 2.9.4
zope zope 2.9.5
zope zope 2.9.6
zope zope 2.9.7
zope zope 2.10.3
zope zope 2.10.8
zope zope 2.11.0
zope zope 2.11.1
zope zope 2.11.2
zope zope 2.11.3
zope zope 2.13.18



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*",
              "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*",
              "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*",
              "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE141CF-0196-4DCA-B328-84F8EA3D6804",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character."
    },
    {
      "lang": "es",
      "value": "ZPublisher.HTTPRequest._scrubHeader en Zope 2 anterior a 2.13.19, utilizado en Plone anterior a 4.3 beta 1, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias a trav\u00e9s de un caracter \u0027linefeed\u0027 (LF)."
    }
  ],
  "evaluatorComment": "\u003ca href = \"http://cwe.mitre.org/data/definitions/113.html\"\u003e CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027) \u003c/a\u003e",
  "id": "CVE-2012-5486",
  "lastModified": "2024-11-21T01:44:44.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-30T14:55:05.843",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/zope2/+bug/930812"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-1194.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zope2/+bug/930812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/02"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-08-14 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
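Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges by changing the ZClass permission mappings for objects and methods in the ZClass. Note that the impacted-products list and CPE entries for this record name versions 7.1 and 7.2, which do not match the "2.3.2 and earlier" range stated here; confirm affected versions against the vendor advisories in the references rather than relying on CPE matching alone.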
Impacted products
Vendor Product Version
zope zope 7.1
zope zope 7.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE69DAE-5A3C-4EA3-AB03-28E3E39DCF5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F8DC6A5-B5D5-4F03-A22E-6B90958AE858",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass."
    }
  ],
  "id": "CVE-2001-0567",
  "lastModified": "2024-11-20T23:35:40.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-08-14T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000407"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-055"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-065.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-065.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6958"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-08 18:15
Modified
2024-11-21 06:07
Summary
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for use in TAL expressions that can be added through the web, for example in Zope Page Templates. This restriction prevents file system access, for example via the 'os' module. However, some of these untrusted modules are reachable indirectly through Python modules that are available for direct use. By default, the Manager role is required to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add or edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: a site administrator can restrict adding and editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role, and adding or editing Zope Page Templates through the web should be restricted to trusted users only.
Impacted products
Vendor Product Version
zope zope *
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "712BA8E7-7A6A-45C3-956C-50A504307324",
              "versionEndExcluding": "4.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81939E1-6719-4032-960C-4B181E9E4E28",
              "versionEndExcluding": "5.2.1",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available for using in TAL expressions that you can add through-the-web, for example in Zope Page Templates. This restriction avoids file system access, for example via the \u0027os\u0027 module. But some of the untrusted modules are available indirectly through Python modules that are available for direct use. By default, you need to have the Manager role to add or edit Zope Page Templates through the web. Only sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk. The problem has been fixed in Zope 5.2.1 and 4.6.1. The workaround is the same as for https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: A site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
    },
    {
      "lang": "es",
      "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. Este aviso ampl\u00eda el aviso anterior en https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 con casos adicionales de vulnerabilidades de cruce de expresiones TAL. La mayor\u00eda de los m\u00f3dulos de Python no est\u00e1n disponibles para su uso en expresiones TAL que se pueden a\u00f1adir a trav\u00e9s de la web, por ejemplo en las plantillas de p\u00e1ginas de Zope. Esta restricci\u00f3n evita el acceso al sistema de archivos, por ejemplo a trav\u00e9s del m\u00f3dulo \u0027os\u0027. Pero algunos de los m\u00f3dulos no confiables est\u00e1n disponibles indirectamente a trav\u00e9s de los m\u00f3dulos de Python que est\u00e1n disponibles para su uso directo. Por defecto, es necesario tener el rol de Administrador para a\u00f1adir o editar Plantillas de P\u00e1gina Zope a trav\u00e9s de la web. S\u00f3lo los sitios que permiten a los usuarios no confiables a\u00f1adir/editar Plantillas de P\u00e1gina Zope a trav\u00e9s de la web est\u00e1n en riesgo. El problema se ha solucionado en Zope versiones 5.2.1 y 4.6.1. La soluci\u00f3n es la misma que para https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36: Un administrador del sitio puede restringir la adici\u00f3n/edici\u00f3n de Plantillas de P\u00e1gina Zope a trav\u00e9s de la web utilizando los mecanismos est\u00e1ndar de permisos de usuario/rol de Zope. A los usuarios que no sean de confianza no se les debe asignar el rol de Gestor de Zope y a\u00f1adir/editar Plantillas de P\u00e1gina Zope a trav\u00e9s de la web debe estar restringido s\u00f3lo a los usuarios de confianza"
    }
  ],
  "id": "CVE-2021-32674",
  "lastModified": "2024-11-21T06:07:30.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-06-08T18:15:08.307",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://pypi.org/project/Zope/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/1d897910139e2c0b11984fc9b78c1da1365bec21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-rpcg-f9q6-2mq6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://pypi.org/project/Zope/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-11-17 18:18
Modified
2024-11-21 00:53
Severity ?
Summary
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Impacted products
Vendor Product Version
zope zope *
zope zope 1.10.3
zope zope 1.10.4
zope zope 2.0.0
zope zope 2.0.0a4
zope zope 2.0.0b4
zope zope 2.0.0b5
zope zope 2.0.0b6
zope zope 2.0.1
zope zope 2.1.0
zope zope 2.1.0b1
zope zope 2.1.0b2
zope zope 2.1.1
zope zope 2.1.2
zope zope 2.1.3
zope zope 2.1.4
zope zope 2.1.5
zope zope 2.1.6
zope zope 2.2.0
zope zope 2.2.0a1
zope zope 2.2.0b1
zope zope 2.2.0b2
zope zope 2.2.0b3
zope zope 2.2.0b4
zope zope 2.2.1
zope zope 2.2.1b1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4
zope zope 2.2.4b1
zope zope 2.2.5
zope zope 2.2.5b1
zope zope 2.3.0
zope zope 2.3.0a1
zope zope 2.3.0a2
zope zope 2.3.0b1
zope zope 2.3.0b2
zope zope 2.3.0b3
zope zope 2.3.1
zope zope 2.3.1b1
zope zope 2.3.1b2
zope zope 2.3.1b3
zope zope 2.3.2
zope zope 2.3.2b1
zope zope 2.3.2b2
zope zope 2.3.3
zope zope 2.3.3b1
zope zope 2.4.0
zope zope 2.4.0a1
zope zope 2.4.0b1
zope zope 2.4.0b2
zope zope 2.4.0b3
zope zope 2.4.1
zope zope 2.4.1b1
zope zope 2.4.2
zope zope 2.4.2b1
zope zope 2.4.3
zope zope 2.4.3
zope zope 2.4.3b1
zope zope 2.4.4
zope zope 2.4.4
zope zope 2.4.4b1
zope zope 2.5.0
zope zope 2.5.0a1
zope zope 2.5.0a2
zope zope 2.5.0b1
zope zope 2.5.1
zope zope 2.5.1
zope zope 2.5.1b1
zope zope 2.5.1b2
zope zope 2.6.0
zope zope 2.6.0a1
zope zope 2.6.0b1
zope zope 2.6.0b2
zope zope 2.6.1
zope zope 2.6.1
zope zope 2.6.1.b1
zope zope 2.6.2
zope zope 2.6.2.b1
zope zope 2.6.2.b2
zope zope 2.6.2.b3
zope zope 2.6.2.b4
zope zope 2.6.2.b5
zope zope 2.6.2.b6
zope zope 2.6.3
zope zope 2.6.4
zope zope 2.6.4
zope zope 2.6.4
zope zope 2.7.0-a1
zope zope 2.7.0-b1
zope zope 2.7.0-b2
zope zope 2.7.0-b3
zope zope 2.7.0-b4
zope zope 2.7.0-c1
zope zope 2.7.0-c2
zope zope 2.7.0-final
zope zope 2.7.1-b1
zope zope 2.7.1-b2
zope zope 2.7.1-final
zope zope 2.7.2-c1
zope zope 2.7.2-final
zope zope 2.7.3-b1
zope zope 2.7.3-b2
zope zope 2.7.3-final
zope zope 2.7.4-b1
zope zope 2.7.4-b2
zope zope 2.7.4-c1
zope zope 2.7.4-c2
zope zope 2.7.4-final
zope zope 2.7.5-b1
zope zope 2.7.5-c1
zope zope 2.7.5-final
zope zope 2.7.6-b1
zope zope 2.7.6-b2
zope zope 2.7.6-final
zope zope 2.7.7-b1
zope zope 2.7.7-final
zope zope 2.7.8
zope zope 2.7.9
zope zope 2.8.0-a1
zope zope 2.8.0-a2
zope zope 2.8.0-b1
zope zope 2.8.0-b2
zope zope 2.8.0-final
zope zope 2.8.1-b1
zope zope 2.8.1-final
zope zope 2.8.2
zope zope 2.8.3
zope zope 2.8.4
zope zope 2.8.5
zope zope 2.8.6
zope zope 2.8.7
zope zope 2.8.8
zope zope 2.8.9
zope zope 2.8.9.1
zope zope 2.8.10
zope zope 2.9.0-b1
zope zope 2.9.0-b2
zope zope 2.9.0-final
zope zope 2.9.1
zope zope 2.9.2
zope zope 2.9.3
zope zope 2.9.4
zope zope 2.9.5
zope zope 2.9.6
zope zope 2.9.7
zope zope 2.9.8
zope zope 2.9.9
zope zope 2.9.10
zope zope 2.10.0-b1
zope zope 2.10.0-b2
zope zope 2.10.0-c1
zope zope 2.10.0-final
zope zope 2.10.2-b1
zope zope 2.10.2-final
zope zope 2.10.3-final
zope zope 2.10.4-final
zope zope 2.10.5
zope zope 2.10.6
zope zope 2.10.7
zope zope 2.11.0
zope zope 2.11.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3A1D1A2-D5E3-4850-92F7-878AFC7227F3",
              "versionEndIncluding": "2.11.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2B101-676C-4EF3-90FB-7B5D36D1ADF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:1.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C241A48A-D987-40AB-9FA0-E8B1B9BE7AEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A03C6583-7D9D-488E-B724-A696809B6C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.0a4:*:*:*:*:*:*:*",
              "matchCriteriaId": "232C32EB-2D06-4995-B7D3-6664BBDE8A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEFCF909-3125-46B9-978B-6A01C7C933B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.0b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D908B47E-1ABB-466E-8ECD-6890C921F3A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.0b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7831E756-02CE-43AE-A1D1-A02C9DB3A92A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D10CB90E-AD3E-421C-9844-07A55AE13EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37DC0246-FFC5-475C-A58C-B449B96C19E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A57269EA-85F9-4767-B679-E7B55BE5742C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A97F577A-06E5-4F4F-8015-E3B1ADECBF3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C49596F-E215-4B70-8397-3C247F509D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F8A280F-A140-4399-9742-1A729812F2E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FED21663-A607-4C29-8271-CCDCAE1AA52E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEFCEE7-470B-4D7E-937A-4B9FFED8157F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BD9B7FD-BBB6-4A21-8094-2CE196633EDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC84727-3F26-4321-AC2B-02AAE528D37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4E13A0-7384-49E3-A848-8E864C340F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA5CE15-530A-400D-9FDF-7044CD8C6DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DC30CD-684E-4C53-833E-6EF2C8D1A3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABDC050-BF8B-4F8C-9FCD-4B0D86E46D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C91E72CC-8AEA-49E5-BB7D-3C16E2E30A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EBD292-5FC6-4463-B085-A34D1DFDB0C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC78B80F-36CF-440D-98CD-D47FD239AEC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "925BC42D-02B5-4B6F-ADC6-156407868276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.5b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C0DBC3-F67F-49E9-A125-922C6F979906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25DE8A9F-432B-40C3-9A7E-3472E2AF0131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8544050B-C0F0-4622-8107-12CFF90EF4C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91C8A312-A0FA-43C8-84B9-FEDE54F9EE96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6B3455-CEC5-48EE-8F9A-67C8DFA480A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C558B6-7E96-4750-A860-955D23F3E76D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B213F4B-21D2-44A8-A2F6-5D70DA7F337C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B34354C-3369-4926-9DFC-44608A1BC82E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF59BA6-33CC-4DC5-92B3-52BD64337549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.1b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA506D7-57D4-4148-ADFC-455B6FAE8A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.1b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1645690B-5B9E-42C0-9E3C-DFE10162D05D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "143AD011-2D33-43E1-AFEA-7C1BC96CBDF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.2b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1E1B2EF-3D21-4675-A16F-DE8FF60DC4D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.2b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE9BB4AC-9ECF-4DDA-81D8-639C65E62C4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D73A2B-7D4B-43BA-B7D7-E1FE397BD577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.3.3b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "222ACC75-99E2-4C82-A627-6085582EC202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DFA87E-DC83-40A8-AAC1-40B37F024255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9470D9-988F-400B-985C-4595959966B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8617107E-F1E5-4401-9DBE-EA7815912045",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6E4F185-B70E-44A1-A8AB-A07B45707346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1795AB2-4F03-4A9F-8F7E-BD77EDE0FC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4701F71F-D467-4C9E-8819-9E4361AB1C38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B8E2D3-6E4C-40F5-A6B1-AA422FEAB6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A37024-4562-451B-B1C0-CD27DD694F30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.2b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE14F3E-BA60-44ED-847A-CB823FF94A70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6881C300-3639-4B31-8182-C9DACE3F4E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.3:upgrade:*:*:*:*:*:*",
              "matchCriteriaId": "BA79F865-E620-4DC6-9758-E847EED38756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.3b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A77338-A0C4-4348-B7FC-4BB075BC5694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1936D04-23DE-45FE-BECC-9F5920D0C815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.4:upgrade:*:*:*:*:*:*",
              "matchCriteriaId": "6305CD2B-D5A3-48F2-9042-6C5C0B58F669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.4b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D58B127-6410-4D56-9ACA-A453C64ACD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "219AC292-9793-4FA6-A6E8-9E6D922AFC3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF4126BA-B101-48C6-A323-3598E44C9BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.0a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC1F354C-426E-4863-AC69-EAC7ED6E15F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2F4DE78-3D50-4133-8077-E77B62AE0270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:upgrade:*:*:*:*:*:*",
              "matchCriteriaId": "4DF37353-1EA6-45FD-A46D-500144D7C527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F42437-4591-4E5C-8AF2-C8EF6BCB694C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15AD4D0C-258D-4AA4-A476-0386E67EE6B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A3615FB-53CE-401F-832C-C6DE39174BCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F4A44CC-94FB-4708-AD7F-B8DA016DCF46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BE51D9-9D3E-403E-A196-F970879BA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BA130-B420-4910-B5E4-66730DE932F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1:upgrade:*:*:*:*:*:*",
              "matchCriteriaId": "CAFE302D-BB49-4476-9F89-F9EDF410C20C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1.b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62208BA1-C57E-4ECE-8F36-3B9FE0FC9864",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A59314F-5FAC-445E-BF53-409648AEE3C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FF11C4-EB9A-466A-9743-A1695DF3E75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "125E627B-480A-4146-A2E9-C8311117F265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABAF8F64-68BC-4405-8AD8-4226D67AD2FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2C5EA9F-D371-435C-B6ED-EA060BB30CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBFFB8DB-C9D9-42A8-8B96-F86EAD3E910B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.2.b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB4565C-F6A2-434A-9A27-54A4CFAB6CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0247677-FCD4-4AA2-8031-CEA4D2F7F463",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "214EECAD-6BEB-4696-8A44-AECF3A483811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3FB9A9B6-A856-4444-A036-6D0AB6A62A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "989F5266-B177-47B4-91A8-5EEFDF9CCAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB5C29F-7181-4C23-BC6F-FA6879FDCFCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "442DD5FA-3067-4A2E-9199-38C6B6D9AC85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7906F684-9E70-456C-94F5-EF76D1FCFD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC98282-4ED1-4804-9582-C56E63706C87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "793B03E2-A858-4BFD-A1A1-9EBB9FE3AE41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0EA0C1-F506-4E8E-A06B-49571BD4F716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56D2773-EF71-4E5A-B1CC-2377F3F039AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC940DFD-7A80-4302-94E7-85C5C45D2C39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8242C676-7040-4BD2-869B-057C8C1BB48E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0D4D70-B2A2-44B8-970E-456C9B16D833",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.2-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13002AEF-5C46-4B2D-B356-41B2F30965AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.2-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DD3255B-4791-4447-9BDA-3704A19AA063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "608CC5FB-DE42-4BC6-9CEC-6D19DB2A884A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD5F3D7D-E37E-4868-A780-2F4EC112A8BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52ABCA0-E54E-4C0B-93AB-1B601FE60D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7945440D-2EF0-4F0E-8A20-855E7C8FF181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9920D1CF-AA84-4635-8FFB-D7CDEF06F0F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCBD57BF-4B05-4580-A2D4-A124BADEA446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4-c2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB683668-3E95-4E9E-AD97-61102D72C29F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B69CB01-0AB0-402E-9004-0D575CF8F487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F737278-263F-4EC7-A147-3C7C12C0A4BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B423128-0604-4DF1-A386-D8C4729EFB1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8861A0-A94B-4617-82C6-04B8ECA2D74D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7672D0-AC3C-4BDA-B902-32C6E369AD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2155FC85-7A25-40FD-837F-F2C6EE1BEC6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE17A356-A8DB-425C-B86B-F2095B1660F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30F191D-BB4C-47E6-ACF8-0E4A95AD84D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "947D37B9-4908-417D-BA40-2DC38BC2DD89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "84DFC911-D226-4F8C-840A-D5F6EBBBF0CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4119535A-9B8C-45F2-B083-E6ABB3E08393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ADFE72D-9A97-4A76-A811-024DF90AD86A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5B98B5-A2D7-4A71-AF16-7A57AA271252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B31785F-2DF7-4836-9933-7401F3303D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A443D6-6079-4F15-83CC-78637A4CFF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F1CF87-3A0E-437C-B8B9-92518D82092D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A6CB8-661E-4BBB-846E-43A537CA4A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EBDE5C-4529-4BA2-81A2-A87F65462608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25D8B724-8D66-4025-9374-982416282500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F87953F-C2F1-4284-819D-BA4BD74008C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3643AA3-4997-4E12-9652-4DBC55D2FA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A6886-D27B-48A1-9749-7CA301B579DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "979B0D79-09B1-4C79-AD13-00CF817051BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D9A178-BF69-4C23-BEC8-D175FD58E10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "457D78E5-46CF-45CA-88E8-ED2A1502BB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "28791A2A-31DC-455C-8775-44E6FE0EF511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B232C7-746E-4F2D-8886-B872C307E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41D4E4B-EFEF-46E8-99E5-BA1B691F0673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1685B1-4E40-4341-A4FD-54409EF5160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7490F597-C4C5-4CF1-8090-08FB3B1A8ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "43997ED2-9214-42D9-8404-23BC5B79139E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE608607-2800-4B9F-814B-3E339E2F86A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB02DAA0-3E51-4419-82FB-1DAF9C8105B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6819AA8-E777-4C9A-9950-AD1F34C89B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.4-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69CE0DC-A1C8-4E88-BA6E-3A152697D36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F52B0A-A6F9-4357-9E54-69794FE6568E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80D8374-50AD-4710-9B6E-C31B67B98C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B85BDEE-B9B3-45E5-B1FC-F639B2351E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements."
    },
    {
      "lang": "es",
      "value": "PythonScripts en Zope 2 2.11.2 y anteriores, como se usa en Conga y otros productos, permite a usuarios remotamente autentificados provocar una denegaci\u00f3n de servicio (agotamiento de recursos o parada de aplicaci\u00f3n) mediante ciertas sentencias (1) raise o (2) import."
    }
  ],
  "evaluatorComment": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\r\n\r\nAffected Versions\r\n* Zope 2.7.0 to Zope 2.11.2\r\n\r\n---\r\n\r\nhttp://openwall.com/lists/oss-security/2008/11/12/2\r\n\r\nAffected Conga versions: - checked conga-0.9.1-8 (contains Zope2.7.5 RC2), conga-0.12.0-7.el5 (contains Zope-2.8.4),\r\n                               - but older,newer Conga versions can be also vulnerable to this issue (based on Zope 2 version).",
  "id": "CVE-2008-5102",
  "lastModified": "2024-11-21T00:53:17.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-17T18:18:47.983",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=246411"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope/2008-August/174025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2008/11/12/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2418"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/zope2/+bug/257269"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/zope2/+bug/257276"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=246411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope/2008-August/174025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2008/11/12/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2418"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/Hotfix_20080812-1.1.0.tar.gz"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zope2/+bug/257269"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zope2/+bug/257276"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2024-11-21 01:30
Severity ?
Summary
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
References
secalert@redhat.com | http://plone.org/products/plone-hotfix/releases/20110928 | Patch
secalert@redhat.com | http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | Patch
secalert@redhat.com | http://plone.org/products/plone/security/advisories/20110928 | Patch, Vendor Advisory
secalert@redhat.com | http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | Patch
secalert@redhat.com | http://secunia.com/advisories/46221 | Vendor Advisory
secalert@redhat.com | http://secunia.com/advisories/46323
secalert@redhat.com | http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 | Patch
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=742297 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://plone.org/products/plone-hotfix/releases/20110928 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://plone.org/products/plone/security/advisories/20110928 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46221 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46323
af854a3a-2127-422b-91ae-364da2661108 | http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=742297 | Patch
Impacted products
Vendor Product Version
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.0.7
plone plone 4.0.8
plone plone 4.0.9
plone plone 4.1
plone plone 4.2
plone plone 4.2a1
plone plone 4.2a2
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.1
zope zope 2.12.2
zope zope 2.12.3
zope zope 2.12.4
zope zope 2.12.5
zope zope 2.12.6
zope zope 2.12.7
zope zope 2.12.8
zope zope 2.12.9
zope zope 2.12.10
zope zope 2.12.11
zope zope 2.12.12
zope zope 2.12.13
zope zope 2.12.14
zope zope 2.12.15
zope zope 2.12.16
zope zope 2.12.17
zope zope 2.12.18
zope zope 2.12.19
zope zope 2.12.20
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.1
zope zope 2.13.2
zope zope 2.13.3
zope zope 2.13.4
zope zope 2.13.5
zope zope 2.13.6
zope zope 2.13.7
zope zope 2.13.8
zope zope 2.13.9
zope zope 2.13.10



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F3B15A-CD0F-4CC5-A76F-E62637B30E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA5A1E3-EC1E-482D-B074-1304FBF963F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DE6064F-67CC-4DA5-A4A8-D9E1F701B1A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "020F418B-589E-4864-89DB-29AAFBF41491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "FCE1948E-7DA4-4F5B-8BE0-6F775356F286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "44497A5B-01FC-4931-A478-5BC1C0E2E155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "D53DE247-B6F9-43B5-A1C8-631183AF5FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0F6993A9-74C2-443B-8C58-FA5BA972573C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "029814EB-380B-4DE5-8E79-7DA8D3C78C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "BA8E46A4-1706-4E2D-9353-3E7F9C70E405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "CFF98E8F-3D3D-477E-A750-59C26156FD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0F8805-2E74-40F6-BAE1-DB8187043611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3A0116-BDE0-490A-8CE6-0B4B0E003887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D8DF4A-46E9-4D1F-88DF-2C0EB274B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB94584-6842-429F-A5E5-DFB3037B1DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3CB9CA-8F81-4E9B-B334-83D28DFBB44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262630B-153C-47D8-A852-ADCADED1B4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E37A4-EE2F-4DCA-928F-553EDD487A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD494AD-C46F-455E-941B-8B6135EB3566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B485846-EC9D-426C-BFE0-A9E647D6C65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E814BB0A-D5D3-4756-8135-0A7EFF9D8538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A638BB63-7F91-4A5E-9FEC-C19E2A585CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "98FD488D-8C25-4553-8F3E-E4AEACCBD23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "821C6F9D-B9F5-4525-870C-1F57943B008C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB9641A-97D9-4AC7-85F8-1604D5EBFECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F5B68D-E59B-4605-869D-7FD5CCD7C6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D1EA26-9BB1-4917-94BC-2E08864770FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEB553C-21A6-4670-A37A-C2A7D360512D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "5767213A-DD93-4FDF-9E0E-B90814D71BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E07BBF-DDAC-46E0-85E5-EAF01C8D3747",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "46DF34B7-E1E9-4A28-B5D3-8ACDA2B0DDBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A80F2-F98D-4147-971D-C0C8CC61171A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "20900397-13D4-423F-B34A-B9CF7E664290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "9D678FB1-C5EB-49DF-BAAD-81BB12AAA9A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "4894BEE3-918A-4391-8EEC-37A5C0037E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "AE1ADEFB-09F4-4677-853D-670AC646C319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*",
              "matchCriteriaId": "5BB1F4C5-4F42-40F5-9180-ED60257BD7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58756ADE-20C0-42E3-8732-CADF383D42C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E75387-929B-44C0-BC03-EA3B89B724D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD7C03B-191C-414D-961D-A572481ACA19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Zope v2.12.x y v2.13.x, tal como se usa en Plone v4.0.x hasta v4.0.9, v4.1 y v4.2 hasta v4.2a2, permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de vectores relacionados con la clase p_ en OFS/misc_.py y el uso de m\u00f3dulos Python."
    }
  ],
  "id": "CVE-2011-3587",
  "lastModified": "2024-11-21T01:30:48.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-10T10:55:06.787",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/20110928"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46221"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/46323"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110928/PloneHotfix20110928-1.0.zip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/20110928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://pypi.python.org/pypi/Products.PloneHotfix20110928/1.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/46221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://zope2.zope.org/news/security-vulnerability-announcement-cve-2011-3587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742297"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-10-20 04:00
Modified
2024-11-20 23:33
Severity ?
Summary
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Impacted products
Vendor Product Version
zope zope 1.10.3
zope zope 2.1.1
zope zope 2.1.7
zope zope 2.2_beta1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2B101-676C-4EF3-90FB-7B5D36D1ADF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C49596F-E215-4B70-8397-3C247F509D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "23673C10-0D61-4835-A37C-9AAA00F1DA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33CAC1ED-C055-4526-AE2A-E758C8960466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request."
    }
  ],
  "id": "CVE-2000-0725",
  "lastModified": "2024-11-20T23:33:09.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2000/20000821"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-052.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1577"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2000/20000821"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-052.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/1577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-21 14:15
Modified
2024-11-21 06:07
Summary
Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only.
Impacted products
Vendor Product Version
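plone plone * (up to and including 4.3.20)
plone plone * (from 5.0 up to and including 5.2.4)
zope zope * (before 4.6)
zope zope * (from 5.0 up to, but not including, 5.2)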



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "801F96D6-B2E2-4BA9-9208-7DB0B327BB93",
              "versionEndIncluding": "4.3.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669",
              "versionEndIncluding": "5.2.4",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED4C9A0-041A-4646-B34B-901DD7EA0652",
              "versionEndExcluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E88218-F6D6-45B7-B3CC-F97EF7FA2E22",
              "versionEndExcluding": "5.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites that allow untrusted users to add/edit Zope Page Templates through the web are at risk from this vulnerability. The problem has been fixed in Zope 5.2 and 4.6. As a workaround, a site administrator can restrict adding/editing Zope Page Templates through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing Zope Page Templates through the web should be restricted to trusted users only."
    },
    {
      "lang": "es",
      "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. En las versiones de Zope anteriores a 4.6 y 5.2, los usuarios pueden acceder a m\u00f3dulos que no son confiables indirectamente por medio de m\u00f3dulos de Python que est\u00e1n disponibles para uso directo. Por defecto, solo los usuarios con la funci\u00f3n de administrador pueden agregar o editar Zope Page Templates por medio de la web, pero los sitios que permiten a usuarios no confiables agregar y editar plantillas de p\u00e1gina de Zope por medio de la web est\u00e1n en riesgo de esta vulnerabilidad. El problema se ha solucionado en Zope versiones 5.2 y 4.6. Como soluci\u00f3n alternativa, un administrador del sitio puede restringir la adici\u00f3n y edici\u00f3n de plantillas de p\u00e1gina Zope por medio de la web utilizando los mecanismos est\u00e1ndar de permisos user/role de Zope. No se debe asignar el rol de administrador de Zope a usuarios no confiables, y la adici\u00f3n y edici\u00f3n de Zope Page Templates por medio de la web debe estar restringida solo a usuarios confiables."
    }
  ],
  "id": "CVE-2021-32633",
  "lastModified": "2024-11-21T06:07:25.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-21T14:15:07.977",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/21/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/1f8456bf1f908ea46012537d52bd7e752a532c91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-10-04 21:15
Modified
2024-11-21 08:25
Summary
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.
Impacted products
Vendor Product Version
zope zope * (from 4.0 up to, but not including, 4.8.11)
zope zope * (from 5.0 up to, but not including, 5.8.6)



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "945F18A2-06BA-4B4B-A159-C98E0C2AD2E5",
              "versionEndExcluding": "4.8.11",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB6AD5C-64B6-4EDE-B24F-38D833200E41",
              "versionEndExcluding": "5.8.6",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6."
    },
    {
      "lang": "es",
      "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. La propiedad title, disponible en la mayor\u00eda de los objetos Zope, se puede utilizar para almacenar c\u00f3digo de script que se ejecuta mientras se visualiza el objeto afectado en Zope Management Interface (ZMI). Todas las versiones de Zope 4 y Zope 5 se ven afectadas. Los parches se lanzar\u00e1n con las versiones 4.8.11 y 5.8.6 de Zope."
    }
  ],
  "id": "CVE-2023-44389",
  "lastModified": "2024-11-21T08:25:48.073",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.1,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 2.5,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-10-04T21:15:10.360",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/21dfa78609ffd8b6bd8143805678ebbacae5141a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/aeaf2cdc80dff60815e3706af448f086ddc3b98d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-m755-gxxg-r5qh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-07-23 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Impacted products
Vendor Product Version
zope zope 2.4.0
zope zope 2.5.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54DFA87E-DC83-40A8-AAC1-40B37F024255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes."
    },
    {
      "lang": "es",
      "value": "El plug-in de capacidad de soporte de \u00edndice ZCatalog para Zope 2.4.0 a 2.5.1 permite a usuarios an\u00f3nimos y c\u00f3digo no de confianza evadir ciertas restricciones y llamar a m\u00e9todos arbitrarios de \u00edndices de cat\u00e1logos."
    }
  ],
  "id": "CVE-2002-0688",
  "lastModified": "2024-11-20T23:39:38.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-07-23T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-490"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/security_center/static/9610.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/5812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/security_center/static/9610.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/5812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Impacted products
Vendor Product Version
plone plone *
plone plone 1.0
plone plone 1.0.1
plone plone 1.0.2
plone plone 1.0.3
plone plone 1.0.4
plone plone 1.0.5
plone plone 1.0.6
plone plone 2.0
plone plone 2.0.1
plone plone 2.0.2
plone plone 2.0.3
plone plone 2.0.4
plone plone 2.0.5
plone plone 2.1
plone plone 2.1.1
plone plone 2.1.2
plone plone 2.1.3
plone plone 2.1.4
plone plone 2.5
plone plone 2.5.1
plone plone 2.5.2
plone plone 2.5.3
plone plone 2.5.4
plone plone 2.5.5
plone plone 3.0
plone plone 3.0.1
plone plone 3.0.2
plone plone 3.0.3
plone plone 3.0.4
plone plone 3.0.5
plone plone 3.0.6
plone plone 3.1
plone plone 3.1.1
plone plone 3.1.2
plone plone 3.1.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 3.1.6
plone plone 3.1.7
plone plone 3.2
plone plone 3.2.1
plone plone 3.2.2
plone plone 3.2.3
plone plone 3.3
plone plone 3.3.1
plone plone 3.3.2
plone plone 3.3.3
plone plone 3.3.4
plone plone 3.3.5
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.1
plone plone 4.1.4
plone plone 4.1.5
plone plone 4.1.6
plone plone 4.2
plone plone 4.2
plone plone 4.2
plone plone 4.2
plone plone 4.2
plone plone 4.2
plone plone 4.2
plone plone 4.2.0.1
plone plone 4.2.1
plone plone 4.2.1.1
plone plone 4.3
zope zope *
zope zope 2.5.1
zope zope 2.6.1
zope zope 2.6.4
zope zope 2.7.0
zope zope 2.7.3
zope zope 2.7.4
zope zope 2.7.5
zope zope 2.7.6
zope zope 2.7.7
zope zope 2.7.8
zope zope 2.8.1
zope zope 2.8.4
zope zope 2.8.6
zope zope 2.8.8
zope zope 2.9.2
zope zope 2.9.3
zope zope 2.9.4
zope zope 2.9.5
zope zope 2.9.6
zope zope 2.9.7
zope zope 2.10.3
zope zope 2.10.8
zope zope 2.11.0
zope zope 2.11.1
zope zope 2.11.2
zope zope 2.11.3
zope zope 2.13.0
zope zope 2.13.1
zope zope 2.13.2
zope zope 2.13.3
zope zope 2.13.4
zope zope 2.13.5
zope zope 2.13.6
zope zope 2.13.7
zope zope 2.13.8
zope zope 2.13.9



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*",
              "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*",
              "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*",
              "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "68DFE77F-FB22-49E7-A4EF-AB3DA40F419A",
              "versionEndIncluding": "2.13.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "58756ADE-20C0-42E3-8732-CADF383D42C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0E75387-929B-44C0-BC03-EA3B89B724D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n App.Undo.UndoSupport.get_request_var_or_attr en Zope anterior a 2.12.21 y 2.13.x anterior a 2.13.11, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a usuarios remotos autenticados ganar el acceso a atributos restringidos a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2012-5489",
  "lastModified": "2024-11-21T01:44:45.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-30T14:55:06.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/zope2/+bug/1079238"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zope2/+bug/1079238"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/05"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-07 17:29
Modified
2024-11-21 01:11
Summary
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
Impacted products
Vendor Product Version
zope zope 2.10.1
zope zope 2.10.2
zope zope 2.10.4
zope zope 2.10.5
zope zope 2.10.6
zope zope 2.10.7
zope zope 2.10.9
zope zope 2.11.2
zope zope 2.11.4
zope zope 2.12.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B149F59C-5FD4-4C77-A13B-EABFB3751CCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "364BF6B5-3C83-41D3-A934-40BD0C4D05ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44409DF-0B7A-42C5-B499-64AA62AE7F29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F52B0A-A6F9-4357-9E54-69794FE6568E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80D8374-50AD-4710-9B6E-C31B67B98C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B85BDEE-B9B3-45E5-B1FC-F639B2351E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C2E63-04C5-4F91-8649-0C7F0E9B4D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B740CAB6-4459-4934-9731-954BF6DAC019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de tipo cross-Site Scripting (XSS) en p\u00e1ginas ZMI que emplean manage_tabs_message en Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12."
    }
  ],
  "id": "CVE-2009-5145",
  "lastModified": "2024-11-21T01:11:16.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-07T17:29:00.173",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://cve.killedkenny.io/cve/CVE-2009-5145"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/03/02/7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72792/info"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/490514"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://cve.killedkenny.io/cve/CVE-2009-5145"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/03/02/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/72792/info"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/490514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/2abdf14620f146857dc8e3ffd2b6a754884c331d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2009-5145/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-08-22 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
Impacted products
Vendor Product Version
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "602119E0-1562-4175-AC81-BB057BE2C1BE",
              "versionEndIncluding": "2.3.1_b1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet."
    }
  ],
  "id": "CVE-2001-0569",
  "lastModified": "2024-11-20T23:35:40.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-08-22T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-043"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2001/dsa-043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-09-08 20:00
Modified
2024-11-21 01:18
Severity ?
Summary
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
Impacted products
Vendor Product Version
zope zope 2.10.0-b1
zope zope 2.10.0-b2
zope zope 2.10.0-c1
zope zope 2.10.0-final
zope zope 2.10.2
zope zope 2.10.2-b1
zope zope 2.10.2-final
zope zope 2.10.3
zope zope 2.10.3-final
zope zope 2.10.4-final
zope zope 2.10.5
zope zope 2.10.6
zope zope 2.10.7
zope zope 2.10.8
zope zope 2.10.9
zope zope 2.10.10
zope zope 2.10.11
zope zope 2.11.0
zope zope 2.11.0a1
zope zope 2.11.0b1
zope zope 2.11.0c1
zope zope 2.11.1
zope zope 2.11.2
zope zope 2.11.3
zope zope 2.11.4
zope zope 2.11.5
zope zope 2.11.6



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41D4E4B-EFEF-46E8-99E5-BA1B691F0673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1685B1-4E40-4341-A4FD-54409EF5160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7490F597-C4C5-4CF1-8090-08FB3B1A8ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "43997ED2-9214-42D9-8404-23BC5B79139E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "364BF6B5-3C83-41D3-A934-40BD0C4D05ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE608607-2800-4B9F-814B-3E339E2F86A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB02DAA0-3E51-4419-82FB-1DAF9C8105B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6819AA8-E777-4C9A-9950-AD1F34C89B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.4-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69CE0DC-A1C8-4E88-BA6E-3A152697D36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F52B0A-A6F9-4357-9E54-69794FE6568E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80D8374-50AD-4710-9B6E-C31B67B98C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B85BDEE-B9B3-45E5-B1FC-F639B2351E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C2E63-04C5-4F91-8649-0C7F0E9B4D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2758FAA-DA98-468D-A116-EA2F89F6EBFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4322F9-96DC-4907-A091-DC63B02DCEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A682A-9233-40FE-BF48-EB8645A98182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8816B911-9FA2-41C9-BAF4-4ED902EAB518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF76AB3F-8AC4-4176-9126-48E929911C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B740CAB6-4459-4934-9731-954BF6DAC019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AEA03-622E-415C-972B-5733110B6396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9D6ADED-7B4D-4E4F-8EDE-8D933B9861A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions."
    },
    {
      "lang": "es",
      "value": "ZServer de Zope v2.10.x anterior a v2.10.12 y v2.11.x anterior a v2.11.7 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de los procesos activos) a trav\u00e9s de vectores que provoquen excepciones no controladas."
    }
  ],
  "id": "CVE-2010-3198",
  "lastModified": "2024-11-21T01:18:15.570",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-09-08T20:00:04.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/42939"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2275"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/627988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/42939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/2.10.12/CHANGES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/2.11.7/CHANGES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/627988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-02 22:15
Modified
2024-11-21 06:07
Summary
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope "Manager" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope.
Impacted products
Vendor Product Version
zope accesscontrol *
zope accesscontrol *
zope zope *
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8538D35C-EA69-4A87-8DBB-D6522F8C7422",
              "versionEndExcluding": "4.3",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F2C931-DCB6-4326-BBDF-2E9B13946D55",
              "versionEndExcluding": "5.2",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30CF6645-50E3-42F0-8E21-8476237210C8",
              "versionEndExcluding": "4.6.3",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A55EE7-7617-407F-83AB-219EA3769E61",
              "versionEndExcluding": "5.3",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one\u0027s Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional `Products.PythonScripts` add-on package installed. By default, one must have the admin-level Zope \"Manager\" role to add or edit Script (Python) objects through the web. Only sites that allow untrusted users to add/edit these scripts through the web are at risk. Zope releases 4.6.3 and 5.3 are not vulnerable. As a workaround, a site administrator can restrict adding/editing Script (Python) objects through the web using the standard Zope user/role permission mechanisms. Untrusted users should not be assigned the Zope Manager role and adding/editing these scripts through the web should be restricted to trusted users only. This is the default configuration in Zope."
    },
    {
      "lang": "es",
      "value": "Zope es un servidor de aplicaciones web de c\u00f3digo abierto. Zope versiones anteriores a 4.6.3 y 5.3 tienen un problema de seguridad de ejecuci\u00f3n de c\u00f3digo remota. Para ser afectado, uno debe usar Python 3 para su despliegue de Zope, ejecutar Zope 4 por debajo de la versi\u00f3n 4.6.3 o Zope 5 por debajo de la versi\u00f3n 5.3, y tener el paquete adicional opcional \"Products.PythonScripts\" instalado. Por defecto, hay que tener el rol de \"Manager\" de Zope a nivel de administrador para a\u00f1adir o editar objetos Script (Python) mediante la web. S\u00f3lo los sitios que permiten a usuarios no confiables a\u00f1adir/editar estos scripts mediante la web est\u00e1n en riesgo. Zope versiones 4.6.3 y 5.3 no son vulnerables. Como soluci\u00f3n, el administrador del sitio puede restringir la adici\u00f3n/edici\u00f3n de objetos Script (Python) mediante la web usando los mecanismos est\u00e1ndar de permisos de usuario/rol de Zope. Los usuarios que no son de confianza no se les deber\u00eda asignar el rol de Administrador de Zope y a\u00f1adir/editar estos scripts mediante la web deber\u00eda estar restringido s\u00f3lo a usuarios de confianza. Esta es la configuraci\u00f3n predeterminada en Zope."
    }
  ],
  "id": "CVE-2021-32811",
  "lastModified": "2024-11-21T06:07:47.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-02T22:15:08.333",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-qcx9-j53g-ccgf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/commit/f72a18dda8e9bf2aedb46168761668464a4be988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/zopefoundation/Zope/security/advisories/GHSA-g4gq-j4p2-j8fr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-915"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-07-07 23:05
Modified
2024-11-21 00:13
Severity ?
Summary
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
cve@mitre.org http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
cve@mitre.org http://secunia.com/advisories/20988 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/21025 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/21130 Vendor Advisory
cve@mitre.org http://secunia.com/advisories/21459 Vendor Advisory
cve@mitre.org http://www.debian.org/security/2006/dsa-1113
cve@mitre.org http://www.novell.com/linux/security/advisories/2006_19_sr.html
cve@mitre.org http://www.securityfocus.com/bid/18856
cve@mitre.org http://www.vupen.com/english/advisories/2006/2681 Vendor Advisory
cve@mitre.org http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
cve@mitre.org https://usn.ubuntu.com/317-1/
af854a3a-2127-422b-91ae-364da2661108 http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/20988 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21025 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21130 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21459 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2006/dsa-1113
af854a3a-2127-422b-91ae-364da2661108 http://www.novell.com/linux/security/advisories/2006_19_sr.html
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/18856
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/2681 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
af854a3a-2127-422b-91ae-364da2661108 https://usn.ubuntu.com/317-1/
Impacted products
Vendor Product Version
zope zope 2.7.0
zope zope 2.7.1
zope zope 2.7.2
zope zope 2.7.3
zope zope 2.7.4
zope zope 2.7.5
zope zope 2.7.6
zope zope 2.7.7
zope zope 2.7.8
zope zope 2.8.0
zope zope 2.8.1
zope zope 2.8.2
zope zope 2.8.3
zope zope 2.8.4
zope zope 2.8.5
zope zope 2.8.6
zope zope 2.8.7
zope zope 2.9.0
zope zope 2.9.1
zope zope 2.9.2
zope zope 2.9.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF9B22D-6EF3-4364-A016-041457C4DFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88153606-52FE-4C0B-88CD-B76538C19055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234C776B-C053-484C-ADE4-ED270064943F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC9CB4D-3DE0-425B-9897-03C23379B5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D9A178-BF69-4C23-BEC8-D175FD58E10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
    },
    {
      "lang": "es",
      "value": "Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no deshabilita el comando \"raw\" cuando se proporciona a usuarios no confiables la funcionalidad de texto reestructurado (reStructuredText) de docutils, lo cual permite a usuarios locales leer archivos de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2006-3458",
  "lastModified": "2024-11-21T00:13:39.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-07T23:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21130"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18856"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/317-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/317-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-11-03 22:55
Modified
2024-11-21 01:46
Severity ?
Summary
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).
Impacted products
Vendor Product Version
plone plone *
plone plone 1.0
plone plone 1.0.1
plone plone 1.0.2
plone plone 1.0.3
plone plone 1.0.4
plone plone 1.0.5
plone plone 1.0.6
plone plone 2.0
plone plone 2.0.1
plone plone 2.0.2
plone plone 2.0.3
plone plone 2.0.4
plone plone 2.0.5
plone plone 2.1
plone plone 2.1.1
plone plone 2.1.2
plone plone 2.1.3
plone plone 2.1.4
plone plone 2.5
plone plone 2.5.1
plone plone 2.5.2
plone plone 2.5.3
plone plone 2.5.4
plone plone 2.5.5
plone plone 3.0
plone plone 3.0.1
plone plone 3.0.2
plone plone 3.0.3
plone plone 3.0.4
plone plone 3.0.5
plone plone 3.0.6
plone plone 3.1
plone plone 3.1.1
plone plone 3.1.2
plone plone 3.1.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 3.1.6
plone plone 3.1.7
plone plone 3.2
plone plone 3.2.1
plone plone 3.2.2
plone plone 3.2.3
plone plone 3.3
plone plone 3.3.1
plone plone 3.3.2
plone plone 3.3.3
plone plone 3.3.4
plone plone 3.3.5
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.1
plone plone 4.1.4
plone plone 4.1.5
plone plone 4.1.6
plone plone 4.2
plone plone 4.2.1
plone plone 4.3
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C49083E-AD3B-47DD-A66B-911912EF46B3",
              "versionEndIncluding": "2.13.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors.  NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2)."
    },
    {
      "lang": "es",
      "value": "Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, no resiembra el generador de n\u00fameros seudo aleatorios (PRNG), lo que facilita a atacantes remotos adivinar el valor a trav\u00e9s de vectores no especificados. NOTA: este problema fue dividido (SPLIT) de CVE-2012-5508 debido a tipos diferentes de vulnerabilidades (ADT2)."
    }
  ],
  "id": "CVE-2012-6661",
  "lastModified": "2024-11-21T01:46:38.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-03T22:55:05.930",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://plone.org/products/plone-hotfix/releases/20121124"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plone.org/products/plone-hotfix/releases/20121124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/24"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-10-10 04:00
Modified
2024-11-20 23:37
Severity ?
Summary
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Impacted products
Vendor Product Version
zope zope 2.2.0
zope zope 2.2.1
zope zope 2.2.2
zope zope 2.2.3
zope zope 2.2.4
zope zope 2.2.5



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF3C0DAC-01B0-4C9D-9AA2-8F02F974DCFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A13ABF-9850-4AB8-A0C9-8D6B9F3D9862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15B80335-5F59-4530-A241-437367369BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "53427D40-495B-4F37-95A5-6D069186CBB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DB2FC39-A95D-414E-A67E-66AF79A12CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "925BC42D-02B5-4B6F-ADC6-156407868276",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags."
    }
  ],
  "id": "CVE-2001-1227",
  "lastModified": "2024-11-20T23:37:11.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-10-10T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-072.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/3425"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2001-072.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2001-115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/3425"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7271"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-22 18:19
Modified
2024-11-21 00:25
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request.
Impacted products
Vendor Product Version
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE498FB-2699-408A-8FA5-7DCDC44827BA",
              "versionEndIncluding": "2.10.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in an HTTP GET request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Zope 2.10.2 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante vectores sin especificar en una petici\u00f3n HTTP GET."
    }
  ],
  "id": "CVE-2007-0240",
  "lastModified": "2024-11-21T00:25:19.637",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-22T18:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24017"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24713"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25239"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1275"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23084"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1041"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24017"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33187"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect Zope included within the conga package shipped with Red Hat Enterprise Linux 5.\n",
      "lastModified": "2007-04-02T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-09-30 14:55
Modified
2024-11-21 01:44
Severity ?
Summary
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.
Impacted products
Vendor Product Version
zope zope 2.5.1
zope zope 2.6.1
zope zope 2.6.4
zope zope 2.7.0
zope zope 2.7.3
zope zope 2.7.4
zope zope 2.7.5
zope zope 2.7.6
zope zope 2.7.7
zope zope 2.7.8
zope zope 2.8.1
zope zope 2.8.4
zope zope 2.8.6
zope zope 2.8.8
zope zope 2.9.2
zope zope 2.9.3
zope zope 2.9.4
zope zope 2.9.5
zope zope 2.9.6
zope zope 2.9.7
zope zope 2.10.3
zope zope 2.10.8
zope zope 2.11.0
zope zope 2.11.1
zope zope 2.11.2
zope zope 2.11.3
zope zope 2.13.18
plone plone *
plone plone 1.0
plone plone 1.0.1
plone plone 1.0.2
plone plone 1.0.3
plone plone 1.0.4
plone plone 1.0.5
plone plone 1.0.6
plone plone 2.0
plone plone 2.0.1
plone plone 2.0.2
plone plone 2.0.3
plone plone 2.0.4
plone plone 2.0.5
plone plone 2.1
plone plone 2.1.1
plone plone 2.1.2
plone plone 2.1.3
plone plone 2.1.4
plone plone 2.5
plone plone 2.5.1
plone plone 2.5.2
plone plone 2.5.3
plone plone 2.5.4
plone plone 2.5.5
plone plone 3.0
plone plone 3.0.1
plone plone 3.0.2
plone plone 3.0.3
plone plone 3.0.4
plone plone 3.0.5
plone plone 3.0.6
plone plone 3.1
plone plone 3.1.1
plone plone 3.1.2
plone plone 3.1.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 3.1.6
plone plone 3.1.7
plone plone 3.2
plone plone 3.2.1
plone plone 3.2.2
plone plone 3.2.3
plone plone 3.3
plone plone 3.3.1
plone plone 3.3.2
plone plone 3.3.3
plone plone 3.3.4
plone plone 3.3.5
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.1
plone plone 4.1.4
plone plone 4.1.5
plone plone 4.1.6
plone plone 4.2
plone plone 4.2:a1
plone plone 4.2:a2
plone plone 4.2:b1
plone plone 4.2:b2
plone plone 4.2:rc1
plone plone 4.2:rc2
plone plone 4.2.0.1
plone plone 4.2.1
plone plone 4.2.1.1
plone plone 4.3



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "484BD5DA-B3D7-41C4-8E02-AE8C4EBEC5A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60254EFC-026C-41A9-8587-ED22B2570CCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98388A7B-2DE4-4C40-9135-EB4BAD6BC69E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFE141CF-0196-4DCA-B328-84F8EA3D6804",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17D1DF1B-1EAE-4B2E-89D5-A97301AE3164",
              "versionEndIncluding": "4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A2A9AE1-47C9-4073-BC2C-08C62874FFF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3802A1E1-0816-449E-858E-20039F4ED5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC1E9D9C-97A0-4093-9492-493B1B4CD4B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4099B8D1-1F79-4BFB-943E-158E7394D90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0E119C-876F-4226-AF5F-44763EEBA29A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4937F4A-147C-4AD8-BB88-C3C3C9C8ADBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "035E2851-A3D4-4E90-8602-F500DC469C3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BDEAEAC-3B26-4C95-865C-326ACD793133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA5D3643-BFBB-48BE-802C-D6CD940945F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FC29D0-66F9-4A1A-86A6-8FD427825112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E33FEC-33DA-45AC-8095-0D3C74FADC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC93EC3-FE5D-410E-8DE5-2346D839F56C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D4EB7F-BC46-4F2E-B065-303961C47B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08747064-EC22-40B4-92EF-4640788FE55D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EB85E3-9A76-4B79-AF7D-91484784A2EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78755057-2613-4D5E-8F59-2C117EE282B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49359CD-63EF-4D3A-92DC-C16DEE88138B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE940BA-B784-4193-AB77-333F15B6C32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9762C674-380B-4831-BBA1-3B27742121B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D938645-80CE-4287-830E-A3BD0C5C84FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F7BFC-DC20-46B3-90E7-264E3A8A7886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C09C10-AEA0-41F4-B964-507B40580BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B60568E-A688-46AF-B627-062A029A7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B635DAD-AC53-4484-8750-200B662DAFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "47321B60-67DA-4543-B173-D629A9569B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58B36EB2-723F-4E25-8018-EEB2BE806D9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7962EF74-6AC1-424C-A202-163AFDADA971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F1818BB-E23A-4136-898D-1D0C80C08728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a1:*:*:*:*:*:*",
              "matchCriteriaId": "4E75A96E-2471-442A-8502-8F34EF18A477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:a2:*:*:*:*:*:*",
              "matchCriteriaId": "7971F6D6-8885-4D2A-BCDF-96D3D0C78841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0489DDC0-E65A-4EAD-854B-033307C2945C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:b2:*:*:*:*:*:*",
              "matchCriteriaId": "659407BA-C011-4632-A355-41BD418EFA90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "42729F4A-C726-4955-80DB-68A18F774F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "9C9F5C87-AD89-4E99-BA1D-E922CD0D7691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E59B50E-FF75-4A97-B76A-288A2981D4FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB06627-133A-40D1-8816-E31E0A9BAD22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE6B05A-1655-4FC1-AB07-0DF71F0021A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE168A35-1A46-4A6F-8A08-25CDD886066D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation."
    },
    {
      "lang": "es",
      "value": "AccessControl/AuthEncoding.py en Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a atacantes remotos obtener contrase\u00f1as a trav\u00e9s de vectores que involucran discrepancias de tiempos en la validaci\u00f3n de contrase\u00f1as."
    }
  ],
  "id": "CVE-2012-5507",
  "lastModified": "2024-11-21T01:44:47.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-09-30T14:55:06.953",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zope2/+bug/1071067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://plone.org/products/plone-hotfix/releases/20121106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/products/plone/security/advisories/20121106/23"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-06-15 04:00
Modified
2024-11-20 23:32
Severity ?
Summary
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
References
cve@mitre.org: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
cve@mitre.org: http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html [Patch, Vendor Advisory]
cve@mitre.org: http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
cve@mitre.org: http://www.redhat.com/support/errata/RHSA-2000-038.html
cve@mitre.org: http://www.securityfocus.com/bid/1354
cve@mitre.org: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768%40conectiva.com.br
cve@mitre.org: http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert [Patch]
cve@mitre.org: https://exchange.xforce.ibmcloud.com/vulnerabilities/4716
af854a3a-2127-422b-91ae-364da2661108: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
af854a3a-2127-422b-91ae-364da2661108: http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html [Patch, Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
af854a3a-2127-422b-91ae-364da2661108: http://www.redhat.com/support/errata/RHSA-2000-038.html
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/1354
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768%40conectiva.com.br
af854a3a-2127-422b-91ae-364da2661108: http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert [Patch]
af854a3a-2127-422b-91ae-364da2661108: https://exchange.xforce.ibmcloud.com/vulnerabilities/4716
Impacted products
Vendor Product Version
redhat linux_powertools 6.1
redhat linux_powertools 6.2
zope zope 1.10.3
zope zope 2.1.1
zope zope 2.1.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:linux_powertools:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAEE3A85-0A4C-4763-A141-AC27ECFDC2AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:linux_powertools:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AE3BF4-237D-4D84-9753-512A642141A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2B101-676C-4EF3-90FB-7B5D36D1ADF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C49596F-E215-4B70-8397-3C247F509D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "23673C10-0D61-4835-A37C-9AAA00F1DA30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization."
    }
  ],
  "id": "CVE-2000-0483",
  "lastModified": "2024-11-20T23:32:36.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-06-15T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/1354"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000616103807.A3768%40conectiva.com.br"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2000-038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/1354"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000616103807.A3768%40conectiva.com.br"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4716"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-25 18:15
Modified
2024-11-21 01:33
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, 2.12.x before 2.12.3, and 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104.
References
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/01/19/16 [Mailing List, Third Party Advisory]
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/01/19/17 [Mailing List, Third Party Advisory]
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/01/19/18 [Mailing List, Third Party Advisory]
secalert@redhat.com: http://www.openwall.com/lists/oss-security/2012/01/19/19 [Mailing List, Third Party Advisory]
secalert@redhat.com: https://access.redhat.com/security/cve/cve-2011-4924 [Third Party Advisory]
secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924 [Issue Tracking, Third Party Advisory]
secalert@redhat.com: https://security-tracker.debian.org/tracker/CVE-2011-4924 [Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/01/19/16 [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/01/19/17 [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/01/19/18 [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.openwall.com/lists/oss-security/2012/01/19/19 [Mailing List, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://access.redhat.com/security/cve/cve-2011-4924 [Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924 [Issue Tracking, Third Party Advisory]
af854a3a-2127-422b-91ae-364da2661108: https://security-tracker.debian.org/tracker/CVE-2011-4924 [Third Party Advisory]
Impacted products
Vendor Product Version
zope zope *
zope zope *
zope zope *
zope zope *
zope zope *
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F34601-DEF2-4715-9C05-C16F59A14010",
              "versionEndExcluding": "2.8.12",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "100B42FF-E1E2-4DDD-91FD-3480E3BDAB7E",
              "versionEndExcluding": "2.9.12",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C6E66BF-05D6-455F-B2AC-474E2B71BE37",
              "versionEndExcluding": "2.10.11",
              "versionStartIncluding": "2.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AC9DD19-26D6-4714-A151-09C2704CE283",
              "versionEndExcluding": "2.11.6",
              "versionStartIncluding": "2.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1FD770-6592-4A06-9651-31273F0063C7",
              "versionEndExcluding": "2.12.3",
              "versionStartIncluding": "2.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60C53AC-C3BA-433E-AD1E-C91DF7CF545E",
              "versionEndIncluding": "3.4.1",
              "versionStartIncluding": "3.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1. allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform sanitization. NOTE: this issue exists because of an incomplete fix for CVE-2010-1104"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de tipo cross-site scripting (XSS) en Zope versiones 2.8.x anteriores a 2.8.12, versiones 2.9.x anteriores a 2.9.12, versiones 2.10.x anteriores a 2.10.11, versiones 2.11.x anteriores a 2.11.6 y versiones 2.12.x versiones anteriores a 2.12.3 , versiones 3.1.1 hasta 3.4.1, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con la forma en que los mensajes de error realizan el saneamiento. NOTA: este problema se presenta debido a una soluci\u00f3n incompleta para CVE-2010-1104"
    }
  ],
  "id": "CVE-2011-4924",
  "lastModified": "2024-11-21T01:33:18.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-25T18:15:11.440",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/18"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-4924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/01/19/19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/cve-2011-4924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2011-4924"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-05-21 22:15
Modified
2024-11-21 06:08
Summary
Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS.
Impacted products
Vendor Product Version
plone plone *
plone plone *
zope zope *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "801F96D6-B2E2-4BA9-9208-7DB0B327BB93",
              "versionEndIncluding": "4.3.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49BC6F68-1C5B-4EE6-AF9C-5C28E86CC669",
              "versionEndIncluding": "5.2.4",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E831566-05DD-4090-A035-1E88806B67B4",
              "versionEndExcluding": "2.5.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS."
    },
    {
      "lang": "es",
      "value": "Zope Products.CMFCore. versiones anteriores a 2.5.1, y Products.PluggableAuthService versiones anteriores a 2.6.2, como es usado en Plone versiones hasta 5.2.4, y otros productos, permiten un ataque de tipo XSS Reflejado"
    }
  ],
  "id": "CVE-2021-33507",
  "lastModified": "2024-11-21T06:08:58.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-21T22:15:08.470",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/05/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://plone.org/security/hotfix/20210518/reflected-xss-in-various-spots"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-09-06 18:15
Modified
2024-11-21 08:20
Summary
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "80528419-1860-4426-8384-A9DC16FF770F",
              "versionEndExcluding": "4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E2BAF08-A726-4A9F-909D-733829F76FA2",
              "versionEndExcluding": "5.8",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:accesscontrol:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B49795D9-E2CD-4F45-A486-3B8D199BE3CC",
              "versionEndExcluding": "6.2",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EABFCB8-F6C1-4425-B7D4-3241531B0FC6",
              "versionEndExcluding": "4.8.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "373E139B-C96D-4CDA-8961-284CCE134B0D",
              "versionEndExcluding": "5.8.4",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "AccessControl provides a general security framework for use in Zope. Python\u0027s \"format\" functionality allows someone controlling the format string to \"read\" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python\u0027s full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "AccessControl proporciona un marco de seguridad general para su uso en Zope. La funcionalidad \"format\" de Python permite que alguien que controle la cadena de formato \"lea\" objetos accesibles (recursivamente) mediante acceso a atributos y suscripci\u00f3n desde objetos accesibles. Esos accesos a atributos y suscripciones utilizan las variantes `getattr` y `getitem` completas de Python, no las variantes `_getattr_` y `_getitem_` restringidas por pol\u00edticas de `AccessControl`. Esto puede conducir a la divulgaci\u00f3n de informaci\u00f3n cr\u00edtica. `AccessControl` ya proporciona una variante segura para `str.format` y niega el acceso a `string.Formatter`. Sin embargo, `str.format_map` todav\u00eda no es seguro. Los afectados son todos los usuarios que permiten a usuarios no confiables crear c\u00f3digo Python controlado por `AccessControl` y ejecutarlo. Se ha introducido una soluci\u00f3n en las versiones 4.4, 5.8 y 6.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-41050",
  "lastModified": "2024-11-21T08:20:27.607",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-06T18:15:08.847",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/commit/6bc32692e0d4b8d5cf64eae3d19de987c7375bc9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/zopefoundation/AccessControl/security/advisories/GHSA-8xv7-89vj-q48c"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-03-25 17:30
Modified
2024-11-21 01:13
Summary
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
Impacted products
Vendor Product Version
zope zope 2.8
zope zope 2.8.0
zope zope 2.8.0-a1
zope zope 2.8.0-a2
zope zope 2.8.0-b1
zope zope 2.8.0-b2
zope zope 2.8.0-final
zope zope 2.8.1
zope zope 2.8.1-b1
zope zope 2.8.1-final
zope zope 2.8.2
zope zope 2.8.3
zope zope 2.8.4
zope zope 2.8.5
zope zope 2.8.6
zope zope 2.8.7
zope zope 2.8.8
zope zope 2.8.9
zope zope 2.8.9.1
zope zope 2.8.10
zope zope 2.8.11
zope zope 2.9.0
zope zope 2.9.0-b1
zope zope 2.9.0-b2
zope zope 2.9.1
zope zope 2.9.2
zope zope 2.9.3
zope zope 2.9.4
zope zope 2.9.5
zope zope 2.9.6
zope zope 2.9.7
zope zope 2.9.8
zope zope 2.9.9
zope zope 2.9.10
zope zope 2.9.11
zope zope 2.10.0-b1
zope zope 2.10.0-b2
zope zope 2.10.0-c1
zope zope 2.10.0-final
zope zope 2.10.2
zope zope 2.10.2-b1
zope zope 2.10.2-final
zope zope 2.10.3
zope zope 2.10.3-final
zope zope 2.10.4-final
zope zope 2.10.5
zope zope 2.10.6
zope zope 2.10.7
zope zope 2.10.8
zope zope 2.10.9
zope zope 2.10.10
zope zope 2.10.11
zope zope 2.11.0
zope zope 2.11.0a1
zope zope 2.11.0b1
zope zope 2.11.0c1
zope zope 2.11.1
zope zope 2.11.2
zope zope 2.11.3
zope zope 2.11.4
zope zope 2.11.5
zope zope 2.12.0
zope zope 2.12.1
zope zope 2.12.2



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CBE7CB7-45A5-4FDA-A677-912301149C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234C776B-C053-484C-ADE4-ED270064943F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4119535A-9B8C-45F2-B083-E6ABB3E08393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-a2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ADFE72D-9A97-4A76-A811-024DF90AD86A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C5B98B5-A2D7-4A71-AF16-7A57AA271252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B31785F-2DF7-4836-9933-7401F3303D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A443D6-6079-4F15-83CC-78637A4CFF72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F1CF87-3A0E-437C-B8B9-92518D82092D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A6CB8-661E-4BBB-846E-43A537CA4A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6EBDE5C-4529-4BA2-81A2-A87F65462608",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25D8B724-8D66-4025-9374-982416282500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F87953F-C2F1-4284-819D-BA4BD74008C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE4A276-F143-40CD-AEB5-584688D3F910",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC9CB4D-3DE0-425B-9897-03C23379B5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3643AA3-4997-4E12-9652-4DBC55D2FA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A85A6886-D27B-48A1-9749-7CA301B579DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D9A178-BF69-4C23-BEC8-D175FD58E10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6561FF26-91C5-40AF-8AA6-E98D295AC33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF323F8-6F93-46CB-A94C-B0774C54188F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF07C5D-DE44-409F-87B6-FB713BAF2547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AACD00C8-F451-4B27-855F-57B6F38A28E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "457D78E5-46CF-45CA-88E8-ED2A1502BB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "28791A2A-31DC-455C-8775-44E6FE0EF511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B232C7-746E-4F2D-8886-B872C307E5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "291208DB-FB12-4361-B3F6-B9A34FFB074D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A41D4E4B-EFEF-46E8-99E5-BA1B691F0673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1685B1-4E40-4341-A4FD-54409EF5160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7490F597-C4C5-4CF1-8090-08FB3B1A8ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.0-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "43997ED2-9214-42D9-8404-23BC5B79139E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "364BF6B5-3C83-41D3-A934-40BD0C4D05ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE608607-2800-4B9F-814B-3E339E2F86A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.2-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB02DAA0-3E51-4419-82FB-1DAF9C8105B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A85B5F4-C731-45F7-801F-8399B06EE135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.3-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6819AA8-E777-4C9A-9950-AD1F34C89B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.4-final:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69CE0DC-A1C8-4E88-BA6E-3A152697D36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F52B0A-A6F9-4357-9E54-69794FE6568E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B80D8374-50AD-4710-9B6E-C31B67B98C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B85BDEE-B9B3-45E5-B1FC-F639B2351E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "52629E94-50DC-4F00-8F96-217F4F2B82B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5C2E63-04C5-4F91-8649-0C7F0E9B4D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2758FAA-DA98-468D-A116-EA2F89F6EBFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B4322F9-96DC-4907-A091-DC63B02DCEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92CC66BD-4B63-4CA5-9F4E-A5F1FC6A86DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0a1:*:*:*:*:*:*:*",
              "matchCriteriaId": "609A682A-9233-40FE-BF48-EB8645A98182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8816B911-9FA2-41C9-BAF4-4ED902EAB518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.0c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF76AB3F-8AC4-4176-9126-48E929911C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68155E38-F337-42CE-AE30-9482EBED8EA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7994032-FEBB-4FD3-9808-A7B277CAD8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C675DA8E-D981-4CFE-8EF7-04FD187DC5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B740CAB6-4459-4934-9731-954BF6DAC019",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AEA03-622E-415C-972B-5733110B6396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0F8805-2E74-40F6-BAE1-DB8187043611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3A0116-BDE0-490A-8CE6-0B4B0E003887",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en Zope v2.8.x antes de v2.8.12, v2.9.x antes de v2.9.12, v2.10.x antes de v2.10.11, v2.11.x antes de v2.11.6 y v2.12.x antes de v2.12.3 permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores relacionados con los mensajes de error."
    }
  ],
  "id": "CVE-2010-1104",
  "lastModified": "2024-11-21T01:13:39.143",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-25T17:30:00.390",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38007"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/61655"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38007"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/61655"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-1104\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.",
      "lastModified": "2010-04-21T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-01-04 05:00
Modified
2024-11-20 23:31
Summary
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
Impacted products
Vendor Product Version
zope zope 1.10.3
zope zope 2.1.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B2B101-676C-4EF3-90FB-7B5D36D1ADF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C49596F-E215-4B70-8397-3C247F509D43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities."
    }
  ],
  "id": "CVE-2000-0062",
  "lastModified": "2024-11-20T23:31:38.347",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2000-01-04T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/922"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000104222219.B41650%40schvin.net"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000104222219.B41650%40schvin.net"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-07-19 20:55
Modified
2024-11-21 01:28
Summary
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
Impacted products
Vendor Product Version
plone plone_hotfix_20110720 *
plone plone 3.0
plone plone 3.0.1
plone plone 3.0.2
plone plone 3.0.3
plone plone 3.0.4
plone plone 3.0.5
plone plone 3.0.6
plone plone 3.1
plone plone 3.1.1
plone plone 3.1.2
plone plone 3.1.3
plone plone 3.1.4
plone plone 3.1.5.1
plone plone 3.1.6
plone plone 3.1.7
plone plone 3.2
plone plone 3.2.1
plone plone 3.2.2
plone plone 3.2.3
plone plone 3.3
plone plone 3.3.1
plone plone 3.3.2
plone plone 3.3.3
plone plone 3.3.4
plone plone 3.3.5
plone plone 3.3.6
plone plone 4.0
plone plone 4.0.1
plone plone 4.0.2
plone plone 4.0.3
plone plone 4.0.4
plone plone 4.0.5
plone plone 4.0.6.1
plone plone 4.0.7
plone plone 4.0.8
plone plone 4.1
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.0
zope zope 2.12.1
zope zope 2.12.2
zope zope 2.12.3
zope zope 2.12.4
zope zope 2.12.5
zope zope 2.12.6
zope zope 2.12.7
zope zope 2.12.8
zope zope 2.12.9
zope zope 2.12.10
zope zope 2.12.11
zope zope 2.12.12
zope zope 2.12.13
zope zope 2.12.14
zope zope 2.12.15
zope zope 2.12.16
zope zope 2.12.17
zope zope 2.12.18
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.0
zope zope 2.13.1
zope zope 2.13.2
zope zope 2.13.3
zope zope 2.13.4
zope zope 2.13.5
zope zope 2.13.6
zope zope 2.13.7



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone_hotfix_20110720:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72C4F762-6A49-4E9E-99DB-0952D8542F1F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B647E76-E8B8-4329-8848-3B90EB262807",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0A6B8F-4018-44DC-9862-45309619DC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F10374F-2BB3-48D2-B19F-9B2D038A8E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEAC4F93-D26C-48F3-A7FF-8DC008FC2671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "552661B7-093D-4B3C-8770-FCDE6032AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5180F9D2-E44B-455D-968C-792026AC832A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "636226E4-B880-41FE-A727-EF56CF8E6249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF6E934A-C344-4861-8CD4-D18D52672D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25780BBE-8013-4100-9EA8-7EFC244399A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A089ED64-07E6-4F4C-97AE-AF74269A4DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2334C9-9B34-4C7D-93A2-172E596E05C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "354046F4-FA55-4AFC-935A-C803D36CDE86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF1496A7-6D0A-4970-B0BF-83758065BC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "47DEF57C-92F0-4999-AF8E-CEE27EE92CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BED4241-D823-402A-A389-7E52C410E2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9A55E6-F265-4BB8-8683-3E0CFA01EC73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "970FD910-50A4-478A-ADE6-EB912C261DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A490523-1063-44E4-A72A-C23070279181",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8559F17-63D1-45DB-8A28-47F729DC6686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDC93803-6506-4382-A013-18010EE7E06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65977FD-A880-4D16-B56B-94A72774F42D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA5B4F8-2155-403D-97D8-1272285D508B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3CA2943-77E5-4384-A019-415BBCE62F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "538A3519-5B04-4FE5-A3C0-FD26EFA32705",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "858CBC5A-C241-475C-8125-C5EA351B12A7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08F4534-A588-463F-A745-39E559AB1CB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B64341BA-5722-415E-9771-9837168AB7C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2929227-AE19-428D-9AC3-D312A559039B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B6DC866-0FEE-475B-855C-A69E004810CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "50BF3E8E-152C-4E89-BAA2-A952D10F4611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB97A7-89DD-43C0-A490-84AA7069764B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1F88BF6-9058-4CB8-A2D6-5653860CF489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2AA3FA2-15C3-444A-8810-5EF3E0E84D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C44B53B-953B-4522-A5B4-11573850D2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2704CA8B-2AB3-48C7-85DC-66F9AD667E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "020F418B-589E-4864-89DB-29AAFBF41491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "FCE1948E-7DA4-4F5B-8BE0-6F775356F286",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "44497A5B-01FC-4931-A478-5BC1C0E2E155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "D53DE247-B6F9-43B5-A1C8-631183AF5FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "0F6993A9-74C2-443B-8C58-FA5BA972573C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b2:*:*:*:*:*:*",
              "matchCriteriaId": "029814EB-380B-4DE5-8E79-7DA8D3C78C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b3:*:*:*:*:*:*",
              "matchCriteriaId": "BA8E46A4-1706-4E2D-9353-3E7F9C70E405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.0:b4:*:*:*:*:*:*",
              "matchCriteriaId": "CFF98E8F-3D3D-477E-A750-59C26156FD1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0F8805-2E74-40F6-BAE1-DB8187043611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3A0116-BDE0-490A-8CE6-0B4B0E003887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D8DF4A-46E9-4D1F-88DF-2C0EB274B280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCB94584-6842-429F-A5E5-DFB3037B1DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A3CB9CA-8F81-4E9B-B334-83D28DFBB44D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0262630B-153C-47D8-A852-ADCADED1B4B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B5E37A4-EE2F-4DCA-928F-553EDD487A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD494AD-C46F-455E-941B-8B6135EB3566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B485846-EC9D-426C-BFE0-A9E647D6C65D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E814BB0A-D5D3-4756-8135-0A7EFF9D8538",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A638BB63-7F91-4A5E-9FEC-C19E2A585CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "98FD488D-8C25-4553-8F3E-E4AEACCBD23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "821C6F9D-B9F5-4525-870C-1F57943B008C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB9641A-97D9-4AC7-85F8-1604D5EBFECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0F5B68D-E59B-4605-869D-7FD5CCD7C6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "14D1EA26-9BB1-4917-94BC-2E08864770FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EEB553C-21A6-4670-A37A-C2A7D360512D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.12.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "5767213A-DD93-4FDF-9E0E-B90814D71BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9050973E-3A55-4601-B03E-138C3187F858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a1:*:*:*:*:*:*",
              "matchCriteriaId": "9B7A80F2-F98D-4147-971D-C0C8CC61171A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a2:*:*:*:*:*:*",
              "matchCriteriaId": "20900397-13D4-423F-B34A-B9CF7E664290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a3:*:*:*:*:*:*",
              "matchCriteriaId": "9D678FB1-C5EB-49DF-BAAD-81BB12AAA9A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:a4:*:*:*:*:*:*",
              "matchCriteriaId": "4894BEE3-918A-4391-8EEC-37A5C0037E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:b1:*:*:*:*:*:*",
              "matchCriteriaId": "AE1ADEFB-09F4-4677-853D-670AC646C319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.0:c1:*:*:*:*:*:*",
              "matchCriteriaId": "5BB1F4C5-4F42-40F5-9180-ED60257BD7BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1CD5888-B251-40B4-AF2D-F84ADCA66ABE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68EAFD75-6FA4-44D4-8F7E-4A1ADE2FE48C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6623BA51-B166-41B6-A5AD-8230AD866B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FE75C9-A9F0-40DB-B808-EC6015DE6613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C04B10C-5E7F-4FB8-9EF0-A27C7E1B938A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23B7F57-303C-41CE-8183-BE98799CB725",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.13.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42775B2-DF65-4CFE-9D75-4718AE19F994",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a \"highly serious vulnerability.\" NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en (1) Zope v2.12.x antes de v2.12.19 y v2.13.x antes de v2.13.8, como la utilizada en Plone v4.x y otros productos, y (2) PloneHotfix20110720 para Plone v3.x permite a los atacantes obtener privilegios a trav\u00e9s de vectores no especificados, en relaci\u00f3n con una \"vulnerabilidad muy grave\". NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta para CVE-2011-0720."
    }
  ],
  "id": "CVE-2011-2528",
  "lastModified": "2024-11-21T01:28:28.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-07-19T20:55:01.197",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110622"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/20110622"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45056"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45111"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone-hotfix/releases/20110622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://plone.org/products/plone/security/advisories/20110622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/45111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/07/04/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2011/07/12/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=718824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://mail.zope.org/pipermail/zope-announce/2011-June/002260.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}