Description
Zope Server vulnerable to DoS via header injection
Zope is a Web application server for Linux. Zope versions 2.0 through 2.5.1 b1 are vulnerable to a denial of service attack, caused by a vulnerability that occurs when using the "through the Web code" capability. A remote attacker could inject malicious headers into a response to cause the vulnerable system to crash.
References
- https://nvd.nist.gov/vuln/detail/CVE-2002-0687
- https://marc.info/?l=zope-announce&m=101890177815066&w=2
- https://marc.info/?l=zope-announce&m=101897461507941&w=2
- https://marc.info/?l=zope-announce&m=101897462107967&w=2
- https://web.archive.org/web/20020822024423/http://www.iss.net/security_center/static/9621.php
- https://web.archive.org/web/20021018100409/http://online.securityfocus.com/bid/5813
- http://www.redhat.com/support/errata/RHSA-2002-060.html
- http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Packages
- zope: affected versions >= 2.0.0, < 2.4.4b2; fixed in 2.4.4b2
- zope: affected versions >= 2.5.0, < 2.5.1b2; fixed in 2.5.1b2
Related vulnerabilities
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.