Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Web Servers --> Category: infos

Zope ZClass Permission Mapping Bug Vulnerability Scan

Vulnerability Scan Summary
Checks Zope version

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an application server that is prone
to a privilege escalation flaw.

Description :

The remote web server uses a version of Zope which is older than
version 2.3.3. In such versions, any user can visit a ZClass
declaration and change the ZClass permission mappings for methods and
other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance.

*** Nessus relied solely on the version number of your server, so if
*** the hotfix has already been applied, this might be a false positive.

See also :

Solution :

Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
advisory above.

Threat Level:

Medium / CVSS Base Score : 5



P.O. Box 827051

Pembroke Pines, FL 33082-7051
