Zope +DTMLTemplates and DTMLMethods Remote Modification Vulnerability
BID:1354
Info
| Bugtraq ID: | 1354 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 15 2000 12:00AM |
| Updated: | Jun 15 2000 12:00AM |
| Credit: | First exposed in a Zope advisory on June 15, 2000. Advisory forwarded to Bugtraq by George Lewis <[email protected]> on June 15, 2000. |
| Vulnerable: | Zope Zope 2.2 beta1, Zope Zope 2.1 .x |
| Not Vulnerable: | Zope Zope 2.1.7 |
Discussion
Zope is a popular open source web application server that runs on many Unix platforms. Zope recently issued a security advisory regarding a vulnerability that may allow an attacker to modify DTMLMethods or DTMLDocuments remotely. The problem is described as an inadequately protected method in one of Zope's base classes, which can be exploited remotely or through DTML code without proper authentication.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].