Zope Through The Web Code Header Injection DoS

2004-04-08T23:13:42
ID OSVDB:5166
Type osvdb
Reporter OSVDB
Modified 2004-04-08T23:13:42

Description

Vulnerability Description

Zope contains a flaw that may allow a remote denial of service. The issue can be triggered on systems where users can write "Through The Web Code", and will result in loss of availability for the service.

Solution Description

Upgrade to version 2.5.1b2 or higher, as it has been reported to fix this vulnerability. A hotfix is also available at the manufacturer's website.

References:

Vendor Specific Advisory URL
RedHat RHSA: RHSA-2002:060-17
ISS X-Force ID: 9621
CVE-2002-0687
Bugtraq ID: 5813