Lucene search

GitHub Advisory DatabaseGHSA-QH4Q-FWF8-QQRW

HistoryMay 17, 2022 - 5:48 a.m.

Zope Denial of Service (DoS) vulnerability in ZServer

2022-05-1705:48:31

CWE-400

GitHub Advisory Database

github.com

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

JSON

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.

Affected configurations

Vulners

Node

github_advisory_databasezopeRange<2.11.7

github_advisory_databasezopeRange<2.10.12

CPENameOperatorVersion
zopelt2.11.7
zopelt2.10.12

CPE	Name	Operator	Version
	zope	lt	2.11.7
	zope	lt	2.10.12

References

www.zope.org/Products/Zope/2.10.12/CHANGES.txt

www.zope.org/Products/Zope/2.11.7/CHANGES.txt

bugs.launchpad.net/zope2/+bug/627988

github.com/advisories/GHSA-qh4q-fwf8-qqrw

github.com/zopefoundation/Zope/commit/0f2f56f63e4a4d695ee670e02b317e900550dbac

github.com/zopefoundation/Zope/commit/e03a5f036d42ed2426886c9035fe018eeec65de4

mail.zope.org/pipermail/zope-announce/2010-September/002247.html

nvd.nist.gov/vuln/detail/CVE-2010-3198

web.archive.org/web/20200229173503/www.securityfocus.com/bid/42939

7 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.017 Low

EPSS

Percentile

87.7%

JSON

Related for GHSA-QH4Q-FWF8-QQRW