CVE-2000-0725

Опубликовано: 20 окт. 2000

Источник: nvd

CVSS2: 7.2

EPSS Низкий

Описание

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Patch
http://www.debian.org/security/2000/20000821
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2000-052.html
http://www.securityfocus.com/bid/1577
Patch
Vendor Advisory
http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Patch
http://www.debian.org/security/2000/20000821
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2000-052.html
http://www.securityfocus.com/bid/1577
Patch
Vendor Advisory
http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*

cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*

cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

7.2 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2000-0725

redhat

почти 25 лет назад

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

GHSA-9cmq-pj6p-hgwf

github

около 3 лет назад

Zope does not properly restrict access to the getRoles method