Summary
The remote host is missing an update to zope2.7
announced via advisory DSA 910-1.
A vulnerability has been discovered in zope 2.7, as Open Source web application server, that allows remote attackers to insert arbitrary files via include directives in reStructuredText functionality.
The old stable distribution (woody) does not contain zope2.7 packages.
Solution
For the stable distribution (sarge) this problem has been fixed in version 2.7.5-2sarge1.
For the unstable distribution (sid) this problem has been fixed in version 2.7.8-1.
We recommend that you upgrade your zope2.7 package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20910-1
Severity
Classification
-
CVE CVE-2005-3323 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities