Main Vulnerability Database Vulnerabilities #VU111194

Input validation error in Zope - CVE-2001-1227

Published: October 10, 2017 / Updated: June 17, 2025

Vulnerability identifier: #VU111194

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2001-1227

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zope

Affected software:
Zope

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

How to mitigate CVE-2001-1227

Install update from vendor's website.

Sources

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
http://www.redhat.com/support/errata/RHSA-2001-072.html
http://www.redhat.com/support/errata/RHSA-2001-115.html
http://www.securityfocus.com/bid/3425
https://exchange.xforce.ibmcloud.com/vulnerabilities/7271

Input validation error in Zope - CVE-2001-1227

Detailed vulnerability description

How to mitigate CVE-2001-1227

Sources

Please verify you're human