|Title:||Zope ZClass Permission Mapping Bug|
|Summary:||The remote web server uses a version of Zope which is older than; version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass; permission mappings for methods and other objects defined within the ZClass, possibly allowing for; unauthorized access within the Zope instance.|
The remote web server uses a version of Zope which is older than
version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass
permission mappings for methods and other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance.
Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
Common Vulnerability Exposure (CVE) ID: CVE-2001-0567|
Conectiva Linux advisory: CLA-2001:407
Debian Security Information: DSA-055 (Google Search)
XForce ISS Database: zope-zclass-gain-privileges(6958)
|Copyright||Copyright (C) 2001 Alert4Web.com|
|This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.