Lucene search

[email protected]CVE-2002-0170

HistoryApr 22, 2002 - 4:00 a.m.

CVE-2002-0170

2002-04-2204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

zope

cve-2002-0170

access verification

proxy roles

unauthorized access

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

CPENameOperatorVersion
zope:zopezopeeq2.4.0
zope:zopezopeeq2.2.1
zope:zopezopeeq2.3.1
zope:zopezopeeq2.4.4b1
zope:zopezopeeq2.2.0
zope:zopezopeeq2.3.2
zope:zopezopeeq2.5.1b1
zope:zopezopeeq2.5.0
zope:zopezopeeq2.4.1
zope:zopezopeeq2.2.4

CPE	Name	Operator	Version
zope:zope	zope	eq	2.4.0
zope:zope	zope	eq	2.2.1
zope:zope	zope	eq	2.3.1
zope:zope	zope	eq	2.4.4b1
zope:zope	zope	eq	2.2.0
zope:zope	zope	eq	2.3.2
zope:zope	zope	eq	2.5.1b1
zope:zope	zope	eq	2.5.0
zope:zope	zope	eq	2.4.1
zope:zope	zope	eq	2.2.4

Rows per page:

1-10 of 171

References

marc.info/?l=bugtraq&m=101503023511996&w=2

www.iss.net/security_center/static/8334.php

www.osvdb.org/5350

www.redhat.com/support/errata/RHSA-2002-060.html

www.securityfocus.com/bid/4229

www.zope.org/Products/Zope/hotfixes/

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2002-0170

osv1 github1