SB2008090504 - Input validation error in Zope
Published: September 5, 2008 Updated: June 17, 2025
Security Bulletin ID
SB2008090504
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2002-0687)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Remediation
Install update from vendor's website.