SB2008091003 - Multiple vulnerabilities in Zope

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2008091003

SB2008091003 - Multiple vulnerabilities in Zope

Published: September 10, 2008 Updated: June 17, 2025

Security Bulletin ID SB2008091003
Severity
High
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2000-0725)

The vulnerability allows a local user to execute arbitrary code.

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.


2) Input validation error (CVE-ID: CVE-2000-0483)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.


3) Input validation error (CVE-ID: CVE-2000-0062)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.


Remediation

Install update from vendor's website.

References