 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 10569 |
| Category: | CGI abuses |
| Title: | Zope Image updating Method |
| Summary: | NOSUMMARY |
| Description: | Description: The remote web server is Zope < 2.2.5 There is a security issue in all releases prior to version 2.2.5. The issue involves incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they do not have editing privileges on the objects themselves. *** Nessus solely relied on the version number of your *** server, so if you applied the hotfix already, *** consider this alert as a false positive. Solution : Upgrade to Zope 2.2.5 or apply the hotfix available at http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert Risk factor : High |
| Cross-Ref: |
BugTraq ID: 922 Common Vulnerability Exposure (CVE) ID: CVE-2000-0062 http://www.securityfocus.com/bid/922 Bugtraq: 20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT] (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net XForce ISS Database: zope-dtml |
| Copyright | This script is Copyright (C) 2000 Renaud Deraison |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |