Main Vulnerability Database Vulnerabilities #VU111192

Input validation error in Zope - CVE-2002-0170

Published: October 18, 2016 / Updated: June 17, 2025

Vulnerability identifier: #VU111192

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2002-0170

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zope

Affected software:
Zope

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

How to mitigate CVE-2002-0170

Install update from vendor's website.

Sources

http://marc.info/?l=bugtraq&m=101503023511996&w=2
http://www.iss.net/security_center/static/8334.php
http://www.osvdb.org/5350
http://www.redhat.com/support/errata/RHSA-2002-060.html
http://www.securityfocus.com/bid/4229
http://www.zope.org/Products/Zope/hotfixes/

Input validation error in Zope - CVE-2002-0170

Detailed vulnerability description

How to mitigate CVE-2002-0170

Sources

Please verify you're human