Main Vulnerability Database Vulnerabilities #VU111193

Input validation error in Zope - CVE-2001-1278

Published: September 10, 2008 / Updated: June 17, 2025

Vulnerability identifier: #VU111193

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2001-1278

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zope

Affected software:
Zope

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

How to mitigate CVE-2001-1278

Install update from vendor's website.

Sources

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
http://www.redhat.com/support/errata/RHSA-2001-115.html
http://www.securityfocus.com/bid/3425

Input validation error in Zope - CVE-2001-1278

Detailed vulnerability description

How to mitigate CVE-2001-1278

Sources

Please verify you're human