7.2

CVE-2000-0725

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZopeZope Version1.10.3
ZopeZope Version2.1.1
ZopeZope Version2.1.7
ZopeZope Version2.2_beta1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.47% 0.367
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Patch
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Patch
http://www.debian.org/security/2000/20000821
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2000-052.html
http://www.securityfocus.com/bid/1577
Patch
Vendor Advisory
http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert