Main Vulnerability Database Vulnerabilities #VU111200

Input validation error in Zope - CVE-2000-1211

Published: September 5, 2008 / Updated: June 17, 2025

Vulnerability identifier: #VU111200

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2000-1211

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Zope

Affected software:
Zope

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

How to mitigate CVE-2000-1211

Install update from vendor's website.

Sources

http://www.iss.net/security_center/static/5824.php
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
http://www.osvdb.org/6282
http://www.redhat.com/support/errata/RHSA-2000-125.html
http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert

Input validation error in Zope - CVE-2000-1211

Detailed vulnerability description

How to mitigate CVE-2000-1211

Sources

Please verify you're human