Family: Web Servers --> Category: infos
Zope ZClass Permission Mapping Bug Vulnerability Scan
Vulnerability Scan Summary
Checks Zope version
Detailed Explanation for this Vulnerability Test
The remote web server contains an application server that is prone
to a privilege escalation flaw.
The remote web server uses a version of Zope which is older than
version 2.3.3. In such versions, any user can visit a ZClass
declaration and change the ZClass permission mappings for methods and
other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance.
*** Nessus solely relied on the version number of your server, so if
*** the hotfix has already been applied, this might be a false positive
See also :
Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
Medium / CVSS Base Score : 5