Zope Malformed XML RPC Request Path Disclosure

medium Nessus Plugin ID 11234

Synopsis

The remote web server contains an application server that is prone to an information disclosure attack.

Description

There is a minor security problem in all releases of Zope prior to version 2.5.1b1 - they reveal the installation path when an invalid XML RPC request is sent.

Solution

Upgrade to Zope 2.5.1b1 / 2.6.0b1 or later.

See Also

https://bugs.launchpad.net/zope2/+bug/142016

Plugin Details

Severity: Medium

ID: 11234

File Name: zope_path_disclosure.nasl

Version: 1.19

Type: remote

Family: Web Servers

Published: 2/17/2003

Updated: 8/8/2018

Supported Sensors: Nessus

Vulnerability Information

Required KB Items: www/zope

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 5806