Title: Zope DTML Editing Vulnerability
Severity: MODERATE
Description:
Zope is a freely available dynamic web page management suite, written and maintained by the Zope Project. A problem exists which could allow a user access to unauthorized resources.
The problem occurs in the handling of legacy file names. Insufficent access control on certain DTML Method objects make it possible to anonymous remote users to create new objects and DTML Method instances. This would allow a malicious user to potentially create new methods and possibly retrieve information from a system running Zope. It could also potentially result in a compromise of data being handled by Zope. This vulnerability affects Zope software revisions 2.2.0 thru 2.2.4.
Affected Products:
- Debian Linux 2.2.0
- Debian Linux 2.2.0 68k
- Debian Linux 2.2.0 alpha
- Debian Linux 2.2.0 arm
- Debian Linux 2.2.0 powerpc
- Debian Linux 2.2.0 sparc
- MandrakeSoft Corporate Server 1.0.1
- MandrakeSoft Linux Mandrake 7.1.0
- MandrakeSoft Linux Mandrake 7.2.0
- RedHat Linux 6.1.0 alpha
- RedHat Linux 6.1.0 i386
- RedHat Linux 6.1.0 sparc
- RedHat Linux 6.2.0 alpha
- RedHat Linux 6.2.0 i386
- RedHat Linux 6.2.0 sparc
- RedHat Linux 7.0.0 alpha
- RedHat Linux 7.0.0 i386
- RedHat Linux 7.0.0 sparc
- Zope Zope 2.2.0.0
- Zope Zope 2.2.1
- Zope Zope 2.2.2
- Zope Zope 2.2.3
- Zope Zope 2.2.4
References:
- Zope: Welcome to Zope.org
- Zope: Zope README
- Zope: [Zope-Annce] SECURITY alert and hotfix release
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
