Input validation error in Zope - CVE-2000-0483
Published: October 10, 2017 / Updated: June 17, 2025
Vulnerability identifier: #VU111202
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2000-0483
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zope
Affected software:
Zope
Zope
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
How to mitigate CVE-2000-0483
Install update from vendor's website.
Sources
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
- http://www.redhat.com/support/errata/RHSA-2000-038.html
- http://www.securityfocus.com/bid/1354
- http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
- http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/4716