ID CVE-2000-0725
Summary Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
References
Vulnerable Configurations
  • cpe:2.3:a:zope:zope:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:zope:zope:2.2_beta1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 10-09-2008 - 19:05)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2000:052
refmap via4
bid 1577
bugtraq
  • 20000816 MDKSA-2000:035 Zope update
  • 20000821 Conectiva Linux Security Announcement - Zope
confirm http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
debian 20000821 zope: unauthorized escalation of privilege (update)
Last major update 10-09-2008 - 19:05
Published 20-10-2000 - 04:00
Last modified 10-09-2008 - 19:05