Zope Local ZClass Modification DoS

2001-02-15T00:00:00
ID OSVDB:6285
Type osvdb
Reporter OSVDB
Modified 2001-02-15T00:00:00

Description

Vulnerability Description

Zope contains a flaw that may allow a local denial of service. It is possible for a malicous user with through-the-web scripting capabilities to modify attributes or methods of existing ZClasses, which potentially interfere with normal site functionality, resulting in a loss of availability for the web server.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Zope has released a patch to address this vulnerability.

Short Description

Zope contains a flaw that may allow a local denial of service. It is possible for a malicous user with through-the-web scripting capabilities to modify attributes or methods of existing ZClasses, which potentially interfere with normal site functionality, resulting in a loss of availability for the web server.

References:

Vendor URL: http://zope.org/ Vendor Specific Solution URL: http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL RedHat RHSA: RHSA-2001:021 ISS X-Force ID: 6247 CVE-2001-0568 Bugtraq ID: 2458