Vulnerability Description
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zope | Zodb | <= 3.8.1 |
Related Weaknesses (CWE)
References
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://osvdb.org/56826
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2PatchVendor Advisory
- http://secunia.com/advisories/36204Vendor Advisory
- http://secunia.com/advisories/36205Vendor Advisory
- http://www.securityfocus.com/bid/35987
- http://www.vupen.com/english/advisories/2009/2217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52379
- http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
- http://osvdb.org/56826
- http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2PatchVendor Advisory
- http://secunia.com/advisories/36204Vendor Advisory
- http://secunia.com/advisories/36205Vendor Advisory
- http://www.securityfocus.com/bid/35987
- http://www.vupen.com/english/advisories/2009/2217
FAQ
What is CVE-2009-0669?
CVE-2009-0669 is a vulnerability with a CVSS score of 7.5 (HIGH). Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network...
How severe is CVE-2009-0669?
CVE-2009-0669 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0669?
Check the references section above for vendor advisories and patch information. Affected products include: Zope Zodb.