Lucene search

GoogleOSV:DSA-910-1

HistoryNov 24, 2005 - 12:00 a.m.

zope2.7 - design error

2005-11-2400:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

A vulnerability has been discovered in zope 2.7, an Open Source web
application server, that allows remote attackers to insert arbitrary
files via include directives in reStructuredText functionality.

The old stable distribution (woody) does not contain zope2.7 packages.

For the stable distribution (sarge) this problem has been fixed in
version 2.7.5-2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.7.8-1.

We recommend that you upgrade your zope2.7 package.

CPENameOperatorVersion
zope2.7eq2.7.5-2

CPE	Name	Operator	Version
	zope2.7	eq	2.7.5-2

References

www.debian.org/security/2005/dsa-910

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for OSV:DSA-910-1