Vulnerability Description
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zope | Zope | 2.2.0 |
References
- http://www.iss.net/security_center/static/5824.php
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3PatchVendor Advisory
- http://www.osvdb.org/6282
- http://www.redhat.com/support/errata/RHSA-2000-125.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alertPatchVendor Advisory
- http://www.iss.net/security_center/static/5824.php
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3PatchVendor Advisory
- http://www.osvdb.org/6282
- http://www.redhat.com/support/errata/RHSA-2000-125.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alertPatchVendor Advisory
FAQ
What is CVE-2000-1211?
CVE-2000-1211 is a vulnerability with a CVSS score of 7.5 (HIGH). Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activi...
How severe is CVE-2000-1211?
CVE-2000-1211 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-1211?
Check the references section above for vendor advisories and patch information. Affected products include: Zope Zope.