Summary
The remote web server contains an application server that is prone to a privilege escalation flaw.
Description
The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.
*** OVS solely relied on the version number of your server, so if the hotfix has already been applied, this might be a false positive.
Solution
Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor advisory above.
Severity
Classification
CVE: CVE-2001-0567
CVSS Base Score: 4.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P)