SB2008090504 - Input validation error in Zope

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2002-0687)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

Remediation

Install update from vendor's website.

References

• http://www.iss.net/security_center/static/9621.php
• http://www.osvdb.org/5166
• http://www.redhat.com/support/errata/RHSA-2002-060.html
• http://www.securityfocus.com/bid/5813
• http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert