Vulnerability Description
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zope | Zope | 1.10.3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.htmlPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.htmlPatch
- http://www.debian.org/security/2000/20000821Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2000-052.html
- http://www.securityfocus.com/bid/1577PatchVendor Advisory
- http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.htmlPatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.htmlPatch
- http://www.debian.org/security/2000/20000821Vendor Advisory
- http://www.redhat.com/support/errata/RHSA-2000-052.html
- http://www.securityfocus.com/bid/1577PatchVendor Advisory
- http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
FAQ
What is CVE-2000-0725?
CVE-2000-0725 is a vulnerability with a CVSS score of 7.2 (HIGH). Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
How severe is CVE-2000-0725?
CVE-2000-0725 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0725?
Check the references section above for vendor advisories and patch information. Affected products include: Zope Zope.