Input validation error in Zope - CVE-2000-1212
Published: October 10, 2017 / Updated: June 17, 2025
Vulnerability identifier: #VU111199
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2000-1212
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zope
Affected software:
Zope
Zope
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to corrupt data.
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
How to mitigate CVE-2000-1212
Install update from vendor's website.
Sources
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
- http://www.debian.org/security/2001/dsa-007
- http://www.osvdb.org/6283
- http://www.redhat.com/support/errata/RHSA-2000-135.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5778