Zope Python Scripts Local Denial of Service Vulnerability
2008-11-21T00:00:00
ID OPENVAS:1361412562310800064 Type openvas Reporter Copyright (C) 2008 Greenbone Networks GmbH Modified 2019-03-17T00:00:00
Description
This host is running Zope and is prone to a denial-of-service vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 14240 2019-03-17 15:50:45Z cfischer $
#
# Zope Python Scripts Local Denial of Service Vulnerability
#
# Authors:
# Chandan S <schandan@secpod.com>
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
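if(description)
{
  # Registration phase: when `description` is set, only the metadata calls below
  # run and exit(0) returns before any of the detection code further down.
  script_oid("1.3.6.1.4.1.25623.1.0.800064");
  script_version("$Revision: 14240 $");
  script_tag(name:"last_modification", value:"$Date: 2019-03-17 16:50:45 +0100 (Sun, 17 Mar 2019) $");
  script_tag(name:"creation_date", value:"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)");

  # CVSS v2: network-reachable, low complexity, single authentication required,
  # availability impact only.
  # NOTE(review): the script name says "Local", while this vector (AV:N) and the
  # impact text describe a remote, authenticated attacker. The name is kept
  # unchanged so existing reports and overrides still match.
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_cve_id("CVE-2008-5102");
  script_bugtraq_id(32267);
  script_name("Zope Python Scripts Local Denial of Service Vulnerability");
  script_xref(name:"URL", value:"http://www.zope.org/advisories/advisory-2008-08-12");
  script_xref(name:"URL", value:"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt");

  # ACT_GATHER_INFO: the check only collects information; the detection code
  # reads the HTTP banner and does not exercise the flaw.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
  script_family("Denial of Service");

  # Presumably gb_get_http_banner.nasl is what sets the "zope/banner" key
  # required below; confirm against that script.
  script_dependencies("gb_get_http_banner.nasl");
  script_require_ports("Services/www", 8080);
  script_mandatory_keys("zope/banner");

  script_tag(name:"impact", value:"Successful exploitation allows remote authenticated users to cause
denial of service or resource exhaustion.");
  # NOTE(review): "on Linux" is not enforced anywhere in the detection code,
  # which matches on the banner version alone.
  script_tag(name:"affected", value:"Zope Versions 2.x - 2.11.2 on Linux.");
  script_tag(name:"insight", value:"Zope server allows improper strings to be passed via certain raise and
import commands.");
  script_tag(name:"summary", value:"This host is running Zope, and is prone to Denial of Service
Vulnerability.");

  # The vendor fix referenced above is a hotfix as well as a newer release, so
  # the report should name both remediation paths.
  script_tag(name:"solution", value:"Update Zope to a later version, or apply Hotfix-2008-08-12 (see references). This check reads the version from the HTTP banner only, so a host with the hotfix applied may still be reported.");

  # The version is taken from the remote HTTP banner, not from an executable on
  # the host, and a hotfixed server may keep an in-range version string; the
  # quality of detection therefore has to be the unreliable-banner level rather
  # than "executable_version".
  script_tag(name:"qod_type", value:"remote_banner_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}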
include("http_func.inc");
include("version_func.inc");
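# Detection phase: a passive, banner-only version check. Nothing is sent to the
# target beyond what get_http_banner() needs to obtain the banner.
port = get_http_port(default:8080);
banner = get_http_banner(port:port);
if(!banner) exit(0);

# zopeVer[1] is the dotted version that follows "Zope " in the banner. The
# banner is supplied by the remote server, so the result is only as trustworthy
# as that string: a rewritten or suppressed banner hides a vulnerable host, and
# a host patched with the hotfix from the references may still show an in-range
# version (possible false positive).
zopeVer = eregmatch(pattern:"Zope ([0-9.]+)", string:banner);
if(isnull(zopeVer) || !zopeVer[1]) exit(0);

if(version_in_range(version:zopeVer[1], test_version:"2.0", test_version2:"2.11.2")){
  # Report the observed version so the finding can be verified and triaged,
  # instead of raising a bare alert on the port.
  report = report_fixed_ver(installed_version:zopeVer[1], fixed_version:"See references");
  security_message(port:port, data:report);
  exit(0);
}

# A Zope version was identified and it lies outside the affected range.
exit(99);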
{"id": "OPENVAS:1361412562310800064", "bulletinFamily": "scanner", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "published": "2008-11-21T00:00:00", "modified": "2019-03-17T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800064", "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "references": ["http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt", "http://www.zope.org/advisories/advisory-2008-08-12"], "cvelist": ["CVE-2008-5102"], "type": "openvas", "lastseen": "2019-05-29T18:40:29", "history": [{"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-5102"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "edition": 3, "enchantments": {"dependencies": {"modified": "2018-09-02T00:06:28", "references": [{"idList": ["OPENVAS:800064"], "type": "openvas"}, {"idList": ["CVE-2008-5102"], "type": "cve"}, {"idList": ["EDB-ID:32581"], "type": "exploitdb"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "f5823cf4a65c1d52b774d2faabfe0de8e56a06638171bbd19b42cd02d0ac8b57", "hashmap": [{"hash": "72694275d935257878567313a66fa0a7", "key": "published"}, {"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "7d6e1681a216aff7ce7f0436bf05867b", "key": "href"}, {"hash": "25d13c3e750233700be7f325ba212b1b", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "65ff50d228cfe5e31b7abcdedf3aa6a5", "key": "cvelist"}, {"hash": "c10e62dd21db6d8723a1bccf496a8c1b", "key": "pluginID"}, {"hash": "03a2db73dc7c9043c15698d7c6ec2b4e", "key": "references"}, {"hash": "b999c85fb0eaf66addf42eb861a347f3", "key": "description"}, {"hash": 
"47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "2d5753ca3cb8627a5c3609a1839b7260", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "04fdbada8b4c77963d84f72150be6647", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800064", "id": "OPENVAS:1361412562310800064", "lastseen": "2018-09-02T00:06:28", "modified": "2018-04-06T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800064", "published": "2008-11-21T00:00:00", "references": ["http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt", "http://www.zope.org/advisories/advisory-2008-08-12"], "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 9349 2018-04-06 07:02:25Z cfischer $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update Zope to higher version,\n http://www.zope.org/Products/Zope/\n or\n Apply available patch,\n http://www.zope.org/Products/Zope/Hotfix-2008-08-12/\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\n Impact Level: Application\";\ntag_affected = \"Zope Versions 2.x - 2.11.2 on Linux.\";\ntag_insight = \"Zope server allows improper strings to be passed via certain raise and\n import commands.\";\ntag_summary = \"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800064\");\n script_version(\"$Revision: 9349 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:02:25 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/advisories/advisory-2008-08-12\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n 
script_require_ports(\"Services/www\", 8080);\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_mandatory_keys(\"zope/banner\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 3, "lastseen": "2018-09-02T00:06:28"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-5102"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "edition": 1, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "f5823cf4a65c1d52b774d2faabfe0de8e56a06638171bbd19b42cd02d0ac8b57", "hashmap": [{"hash": "72694275d935257878567313a66fa0a7", "key": "published"}, {"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "7d6e1681a216aff7ce7f0436bf05867b", "key": "href"}, {"hash": "25d13c3e750233700be7f325ba212b1b", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "65ff50d228cfe5e31b7abcdedf3aa6a5", "key": "cvelist"}, {"hash": 
"c10e62dd21db6d8723a1bccf496a8c1b", "key": "pluginID"}, {"hash": "03a2db73dc7c9043c15698d7c6ec2b4e", "key": "references"}, {"hash": "b999c85fb0eaf66addf42eb861a347f3", "key": "description"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "2d5753ca3cb8627a5c3609a1839b7260", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "04fdbada8b4c77963d84f72150be6647", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800064", "id": "OPENVAS:1361412562310800064", "lastseen": "2018-04-06T11:16:09", "modified": "2018-04-06T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800064", "published": "2008-11-21T00:00:00", "references": ["http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt", "http://www.zope.org/advisories/advisory-2008-08-12"], "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 9349 2018-04-06 07:02:25Z cfischer $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update Zope to higher version,\n http://www.zope.org/Products/Zope/\n or\n Apply available patch,\n http://www.zope.org/Products/Zope/Hotfix-2008-08-12/\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\n Impact Level: Application\";\ntag_affected = \"Zope Versions 2.x - 2.11.2 on Linux.\";\ntag_insight = \"Zope server allows improper strings to be passed via certain raise and\n import commands.\";\ntag_summary = \"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800064\");\n script_version(\"$Revision: 9349 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:02:25 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/advisories/advisory-2008-08-12\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n 
script_require_ports(\"Services/www\", 8080);\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_mandatory_keys(\"zope/banner\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2018-04-06T11:16:09"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-5102"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "43415ac045bc1e12cb6458c7927a2879eba9e9f07db344b127c6c5d0788ff3be", "hashmap": [{"hash": "72694275d935257878567313a66fa0a7", "key": "published"}, {"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "7d6e1681a216aff7ce7f0436bf05867b", "key": "href"}, {"hash": "25d13c3e750233700be7f325ba212b1b", "key": "reporter"}, {"hash": "4fb7fd6149697e74d091717ea3f1ca84", "key": "modified"}, {"hash": "65ff50d228cfe5e31b7abcdedf3aa6a5", "key": "cvelist"}, {"hash": "c10e62dd21db6d8723a1bccf496a8c1b", "key": "pluginID"}, {"hash": 
"03a2db73dc7c9043c15698d7c6ec2b4e", "key": "references"}, {"hash": "b999c85fb0eaf66addf42eb861a347f3", "key": "description"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "2d5753ca3cb8627a5c3609a1839b7260", "key": "sourceData"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "04fdbada8b4c77963d84f72150be6647", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800064", "id": "OPENVAS:1361412562310800064", "lastseen": "2018-08-30T19:28:27", "modified": "2018-04-06T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800064", "published": "2008-11-21T00:00:00", "references": ["http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt", "http://www.zope.org/advisories/advisory-2008-08-12"], "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 9349 2018-04-06 07:02:25Z cfischer $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update Zope to higher version,\n http://www.zope.org/Products/Zope/\n or\n Apply available patch,\n http://www.zope.org/Products/Zope/Hotfix-2008-08-12/\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\n Impact Level: Application\";\ntag_affected = \"Zope Versions 2.x - 2.11.2 on Linux.\";\ntag_insight = \"Zope server allows improper strings to be passed via certain raise and\n import commands.\";\ntag_summary = \"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800064\");\n script_version(\"$Revision: 9349 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:02:25 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/advisories/advisory-2008-08-12\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n 
script_require_ports(\"Services/www\", 8080);\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_mandatory_keys(\"zope/banner\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T19:28:27"}, {"bulletin": {"bulletinFamily": "scanner", "cvelist": ["CVE-2008-5102"], "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-03-18T14:45:04", "references": [{"idList": ["OPENVAS:800064"], "type": "openvas"}, {"idList": ["CVE-2008-5102"], "type": "cve"}, {"idList": ["EDB-ID:32581"], "type": "exploitdb"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "hash": "c41ab14f54e736d2b54dc4dd7bd752de611af4582403efdf061cb706ccebdb8f", "hashmap": [{"hash": "72694275d935257878567313a66fa0a7", "key": "published"}, {"hash": "711d051a7c0db70ca108b804aa5319ac", "key": "naslFamily"}, {"hash": "7d6e1681a216aff7ce7f0436bf05867b", "key": "href"}, {"hash": 
"25d13c3e750233700be7f325ba212b1b", "key": "reporter"}, {"hash": "8b7853026ac338b9822489d6db599f94", "key": "sourceData"}, {"hash": "65ff50d228cfe5e31b7abcdedf3aa6a5", "key": "cvelist"}, {"hash": "c10e62dd21db6d8723a1bccf496a8c1b", "key": "pluginID"}, {"hash": "03a2db73dc7c9043c15698d7c6ec2b4e", "key": "references"}, {"hash": "b999c85fb0eaf66addf42eb861a347f3", "key": "description"}, {"hash": "47c1f692ea47a21f716dad07043ade01", "key": "type"}, {"hash": "3acd5c52298d52c7e188feeb289548b8", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "74eb8257893eb68558c2afaf68a28100", "key": "modified"}, {"hash": "04fdbada8b4c77963d84f72150be6647", "key": "title"}], "history": [], "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800064", "id": "OPENVAS:1361412562310800064", "lastseen": "2019-03-18T14:45:04", "modified": "2019-03-17T00:00:00", "naslFamily": "Denial of Service", "objectVersion": "1.3", "pluginID": "1361412562310800064", "published": "2008-11-21T00:00:00", "references": ["http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt", "http://www.zope.org/advisories/advisory-2008-08-12"], "reporter": "Copyright (C) 2008 Greenbone Networks GmbH", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 14240 2019-03-17 15:50:45Z cfischer $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800064\");\n script_version(\"$Revision: 14240 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-17 16:50:45 +0100 (Sun, 17 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.zope.org/advisories/advisory-2008-08-12\");\n script_xref(name:\"URL\", value:\"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"zope/banner\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\");\n script_tag(name:\"affected\", value:\"Zope Versions 2.x - 2.11.2 on Linux.\");\n script_tag(name:\"insight\", value:\"Zope server allows improper strings to be passed via certain raise and\n import commands.\");\n script_tag(name:\"summary\", value:\"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\");\n script_tag(name:\"solution\", 
value:\"Update Zope to a later version.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "type": "openvas", "viewCount": 0}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2019-03-18T14:45:04"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "65ff50d228cfe5e31b7abcdedf3aa6a5"}, {"key": "cvss", "hash": "3a24dfd360218a9ca36afb3843751b95"}, {"key": "description", "hash": "b999c85fb0eaf66addf42eb861a347f3"}, {"key": "href", "hash": "7d6e1681a216aff7ce7f0436bf05867b"}, {"key": "modified", "hash": "74eb8257893eb68558c2afaf68a28100"}, {"key": "naslFamily", "hash": "711d051a7c0db70ca108b804aa5319ac"}, {"key": "pluginID", "hash": "c10e62dd21db6d8723a1bccf496a8c1b"}, {"key": "published", "hash": "72694275d935257878567313a66fa0a7"}, {"key": "references", "hash": "03a2db73dc7c9043c15698d7c6ec2b4e"}, {"key": "reporter", "hash": "25d13c3e750233700be7f325ba212b1b"}, {"key": "sourceData", "hash": "8b7853026ac338b9822489d6db599f94"}, {"key": "title", "hash": "04fdbada8b4c77963d84f72150be6647"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "hash": "5ada6162e06835e100eb8be7bed308c1bca785107634551559f073dcdefdf145", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5102"]}, {"type": "openvas", "idList": ["OPENVAS:800064"]}, {"type": "exploitdb", "idList": ["EDB-ID:32581"]}], "modified": 
"2019-05-29T18:40:29"}, "score": {"value": 4.0, "vector": "NONE", "modified": "2019-05-29T18:40:29"}, "vulnersScore": 4.0}, "objectVersion": "1.3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 14240 2019-03-17 15:50:45Z cfischer $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800064\");\n script_version(\"$Revision: 14240 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-17 16:50:45 +0100 (Sun, 17 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.zope.org/advisories/advisory-2008-08-12\");\n 
script_xref(name:\"URL\", value:\"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_get_http_banner.nasl\");\n script_require_ports(\"Services/www\", 8080);\n script_mandatory_keys(\"zope/banner\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\");\n script_tag(name:\"affected\", value:\"Zope Versions 2.x - 2.11.2 on Linux.\");\n script_tag(name:\"insight\", value:\"Zope server allows improper strings to be passed via certain raise and\n import commands.\");\n script_tag(name:\"summary\", value:\"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\");\n script_tag(name:\"solution\", value:\"Update Zope to a later version.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "naslFamily": "Denial of Service", "pluginID": "1361412562310800064", "scheme": null}
{"cve": [{"lastseen": "2019-05-29T18:09:29", "bulletinFamily": "NVD", "description": "PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.\nhttp://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\r\n\r\nAffected Versions\r\n* Zope 2.7.0 to Zope 2.11.2\r\n\r\n---\r\n\r\nhttp://openwall.com/lists/oss-security/2008/11/12/2\r\n\r\nAffected Conga versions: - checked conga-0.9.1-8 (contains Zope2.7.5 RC2), conga-0.12.0-7.el5 (contains Zope-2.8.4),\r\n - but older,newer Conga versions can be also vulnerable to this issue (based on Zope 2 version).", "modified": "2009-09-01T05:21:00", "id": "CVE-2008-5102", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5102", "published": "2008-11-17T18:18:00", "title": "CVE-2008-5102", "type": "cve", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "exploitdb": [{"lastseen": "2016-02-03T17:19:52", "bulletinFamily": "exploit", "description": "Zope 2.11.2 PythonScript Multiple Remote Denial Of Service Vulnerabilities. CVE-2008-5102. Dos exploits for multiple platform", "modified": "2008-11-12T00:00:00", "published": "2008-11-12T00:00:00", "id": "EDB-ID:32581", "href": "https://www.exploit-db.com/exploits/32581/", "type": "exploitdb", "title": "Zope <= 2.11.2 PythonScript Multiple Remote Denial Of Service Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/32267/info\r\n\r\nZope is prone to multiple remote denial-of-service vulnerabilities.\r\n\r\nRemote attackers can exploit this issue to cause the Zope server to halt or to consume excessive server resources, resulting in denial-of-service conditions.\r\n\r\nThese issues affect Zope 2.7.0 through 2.11.2. 
\r\n\r\nTo halt the application:\r\nraise SystemExit\r\n\r\nTo consume excessive resources:\r\nreturn 'foo'.encode('test.testall') ", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32581/"}], "openvas": [{"lastseen": "2017-07-02T21:10:19", "bulletinFamily": "scanner", "description": "This host is running Zope, and is prone to Denial of Service\n Vulnerability.", "modified": "2017-03-30T00:00:00", "published": "2008-11-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800064", "id": "OPENVAS:800064", "title": "Zope Python Scripts Local Denial of Service Vulnerability", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zope_python_scripts_dos_vuln_lin.nasl 5785 2017-03-30 09:19:35Z cfi $\n#\n# Zope Python Scripts Local Denial of Service Vulnerability\n#\n# Authors:\n# Chandan S <schandan@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_solution = \"Update Zope to higher version,\n http://www.zope.org/Products/Zope/\n or\n Apply available patch,\n http://www.zope.org/Products/Zope/Hotfix-2008-08-12/\n\n *****\n NOTE: Ignore this warning if above mentioned patch is already applied.\n *****\";\n\ntag_impact = \"Successful exploitation allows remote authenticated users to cause\n denial of service or resource exhaustion.\n Impact Level: Application\";\ntag_affected = \"Zope Versions 2.x - 2.11.2 on Linux.\";\ntag_insight = \"Zope server allows improper strings to be passed via certain raise and\n import commands.\";\ntag_summary = \"This host is running Zope, and is prone to Denial of Service\n Vulnerability.\";\n\nif(description)\n{\n script_id(800064);\n script_version(\"$Revision: 5785 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-30 11:19:35 +0200 (Thu, 30 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_cve_id(\"CVE-2008-5102\");\n script_bugtraq_id(32267);\n script_name(\"Zope Python Scripts Local Denial of Service Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/advisories/advisory-2008-08-12\");\n script_xref(name : \"URL\" , value : \"http://www.zope.org/Products/Zope/Hotfix-2008-08-12/README.txt\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_require_ports(\"Services/www\", 8080);\n 
script_dependencies(\"gb_get_http_banner.nasl\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_mandatory_keys(\"zope/banner\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:8080);\n\nbanner = get_http_banner(port:port);\nif(!banner) exit(0);\n\nzopeVer = eregmatch(pattern:\"Zope ([0-9.]+)\", string:banner);\nif(zopeVer != NULL)\n{\n if(version_in_range(version:zopeVer[1], test_version:\"2.0\", test_version2:\"2.11.2\")){\n security_message(port);\n }\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:NONE/A:PARTIAL/"}}]}