Lucene search

[email protected]CVE-2000-0725

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0725

2000-10-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zope

cve-2000-0725

access restriction

getroles method

dtml

modify roles

nvd

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

CPENameOperatorVersion
zope:zopezopeeq1.10.3
zope:zopezopeeq2.1.1
zope:zopezopeeq2.2_beta1
zope:zopezopeeq2.1.7

CPE	Name	Operator	Version
zope:zope	zope	eq	1.10.3
zope:zope	zope	eq	2.1.1
zope:zope	zope	eq	2.2_beta1
zope:zope	zope	eq	2.1.7

References

archives.neohapsis.com/archives/bugtraq/2000-08/0198.html

archives.neohapsis.com/archives/bugtraq/2000-08/0259.html

www.debian.org/security/2000/20000821

www.redhat.com/support/errata/RHSA-2000-052.html

www.securityfocus.com/bid/1577

www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert

6.7 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.4%

JSON

Related for CVE-2000-0725

github1 osv1