Rapid7 Vulnerability & Exploit Database

RHSA-2000:135: Zope Hotfix package available

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 12/20/2000
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

A new Zope Hotfix package is available.

The issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML, though they did not have editing privileges on the objects themselves.

Solution(s)

  • redhat-upgrade-zope-hotfix-dtml
