5 matches found
HTTP header injection in Plone and Zope2
ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...
PYSEC-2014-73
ZPublisher.HTTPRequest.scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character...
PT-2014-2313 · Plone +2
Name of the Vulnerable Software and Affected Versions: Zope versions prior to 2.13.19; Plone versions prior to 4.3 beta 1. Description: The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest.scrubHeader function. Recommendations...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)
A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...
Debian Security Advisory DSA 043-1 (zope)
The remote host is missing an update to zope announced via advisory DSA 043-1. OpenVAS Vulnerability Test $Id: deb0431.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 043-1. Authors: Thomas Reinke. Copyright: Copyright (c) 2007 E-Soft Inc...