Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification

Severity: High. Nessus Plugin ID 10447

Synopsis

The remote web server contains an application server that fails to protect stored content and code from modification by remote users.

Description

The remote web server is running a version of Zope earlier than 2.1.7. A security problem in these versions can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication.

Solution

Upgrade to Zope 2.1.7 or later.

See Also

https://mail.zope.org/pipermail/zope/2000-June/111952.html

http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert

Plugin Details

Severity: High

ID: 10447

File Name: zope.nasl

Version: 1.26

Type: remote

Family: Web Servers

Published: 6/22/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/zope

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 6/15/2000

Reference Information

CVE: CVE-2000-0483

BID: 1354