CVE-2000-1211

2003-04-0205:00:00

[email protected]

web.nvd.nist.gov

cve-2000-1211

zope

security registration

unauthorized activities

object constructors

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Affected configurations

NVD

Node

zopezopeMatch2.2.0

zopezopeMatch2.2.0a1

zopezopeMatch2.2.0b1

zopezopeMatch2.2.0b2

zopezopeMatch2.2.0b3

zopezopeMatch2.2.0b4

zopezopeMatch2.2.1

zopezopeMatch2.2.1b1

zopezopeMatch2.2.2

zopezopeMatch2.2.3

zopezopeMatch2.2.4

CPENameOperatorVersion
zope:zopezopeeq2.2.0
zope:zopezopeeq2.2.0a1
zope:zopezopeeq2.2.0b1
zope:zopezopeeq2.2.0b2
zope:zopezopeeq2.2.0b3
zope:zopezopeeq2.2.0b4
zope:zopezopeeq2.2.1
zope:zopezopeeq2.2.1b1
zope:zopezopeeq2.2.2
zope:zopezopeeq2.2.3

CPE	Name	Operator	Version
zope:zope	zope	eq	2.2.0
zope:zope	zope	eq	2.2.0a1
zope:zope	zope	eq	2.2.0b1
zope:zope	zope	eq	2.2.0b2
zope:zope	zope	eq	2.2.0b3
zope:zope	zope	eq	2.2.0b4
zope:zope	zope	eq	2.2.1
zope:zope	zope	eq	2.2.1b1
zope:zope	zope	eq	2.2.2
zope:zope	zope	eq	2.2.3