Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Web Servers --> Category: infos

Zope Image Updating Method Vulnerability Scan

Vulnerability Scan Summary
Checks for Zope

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an application server that fails to
protect stored content from modification by remote users.

Description :

According to its banner, the remote web server is Zope < 2.2.5. Such
versions suffer from a security issue involving incorrect protection
of a data updating method on Image and File objects. Because the
method is not correctly protected, it is possible for users with DTML
editing rights to update the raw data of a File or Image object
via DTML even though they do not have editing rights on the objects.

*** Since Nessus solely relied on the version number of your server,
*** consider this a false positive if you applied the hotfix already.

See also :

Solution :

Upgrade to Zope 2.2.5 or apply the hotfix referenced in the vendor
advisory above.

Threat Level:

Medium / CVSS Base Score : 4



P.O. Box 827051

Pembroke Pines, FL 33082-7051
