Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: Web Servers --> Category: infos

Zope ZClass Permission Mapping Bug Vulnerability Scan


Vulnerability Scan Summary
Checks Zope version

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an application server that is prone
to a privilege escalation flaw.

Description :

The remote web server uses a version of Zope which is older than
version 2.3.3. In such versions, any user can visit a ZClass
declaration and change the ZClass permission mappings for methods and
other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance.

*** Nessus solely relied on the version number of your server, so if
*** the hotfix has already been applied, this might be a false positive

See also :

http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert

Solution :

Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
advisory above.

Threat Level:

Medium / CVSS Base Score : 5
(AV:L/AC:L/Au:NR/C:P/A:P/I:P/B:N)

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
