Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU111191
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2002-0687
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to disrupt the service.
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Zope: 2.5 - 2.5.1b2
CPE2.3
https://www.iss.net/security_center/static/9621.php
https://www.osvdb.org/5166
https://www.redhat.com/support/errata/RHSA-2002-060.html
https://www.securityfocus.com/bid/5813
https://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.