Test Kennung:	1.3.6.1.4.1.25623.1.0.10569
Kategorie:	CGI abuses
Titel:	Zope Image updating Method
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote web server is Zope < 2.2.5 There is a security issue in all releases prior to version 2.2.5. The issue involves incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they do not have editing privileges on the objects themselves. *** Nessus solely relied on the version number of your *** server, so if you applied the hotfix already, *** consider this alert as a false positive. Solution : Upgrade to Zope 2.2.5 or apply the hotfix available at http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert Risk factor : High
Querverweis:	BugTraq ID: 922 Common Vulnerability Exposure (CVE) ID: CVE-2000-0062 http://www.securityfocus.com/bid/922 Bugtraq: 20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT] (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net XForce ISS Database: zope-dtml
Copyright	This script is Copyright (C) 2000 Renaud Deraison

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.