Rapid7 Vulnerability & Exploit Database

RHSA-2002:060: Updated Zope packages are available

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 07/23/2002
Created: 07/25/2018
Added: 03/24/2010
Modified: 07/04/2017

Description

Updated Zope packages are available which fix a number of security issues

Zope is a Python-based application server. A number of security hotfixes have been made available for Zope:

  • The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. (CAN-2002-0687)
  • The ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. (CAN-2002-0688)
  • Zope 2.2.0 through 2.5.1 does not properly verify access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. (CAN-2002-0170)

Users should upgrade to these errata packages, which have the Zope Hotfixes 2002-03-01, 2002-04-15, and 2002-06-14 applied and are therefore not vulnerable to these issues.

Solution(s)

  • redhat-upgrade-zope
  • redhat-upgrade-zope-components
  • redhat-upgrade-zope-core
  • redhat-upgrade-zope-pcgi
  • redhat-upgrade-zope-services
  • redhat-upgrade-zope-zpublisher
  • redhat-upgrade-zope-zserver
  • redhat-upgrade-zope-ztemplates
