Vulnerabilites - CVE-2000-0725

Home > Resources > Vulnerabilites > CVE-2000-0725

Resources

CVE-2000-0725

Status:

Entry

Description:

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Reference:

CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
REDHAT:RHSA-2000:052
URL:http://www.redhat.com/support/errata/RHSA-2000-052.html
DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
URL:http://www.debian.org/security/2000/20000821
BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
BUGTRAQ:20000816 MDKSA-2000:035 Zope update
URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
BID:1577
URL:http://www.securityfocus.com/bid/1577

CVE ID

Protocol

SoursePort

TargetPort

Other Vulnerabilities:

Year	CEV (3053) Common Vulnerabilities and Exposures	CAN (20174) Candidate
1999	CVE-1999 (821)	CAN-1999 (749 )
2000	CVE-2000 (808)	CAN-2000 (423 )
2001	CVE-2001 (625)	CAN-2001 (934 )
2002	CVE-2002 (643)	CAN-2002 (1566)
2003	CVE-2003 (81 )	CAN-2003 (1236)
2004	CVE-2004 (75 )	CAN-2004 (2601)
2005	-	CAN-2005 (4825)
2006	-	CAN-2006 (6982)
2007	-	CAN-2007 (858 )

Free Network Analyzer

Free Packet Sniffer

We’re here to help…

Call:  800-381-6680
Fax:  888-813-1029
email:

Quick Links

Stay in touch

Colasoft, Capsa, nChronos and Colasoft logos are registered trademarks of Colasoft. Sniffer is a registered trademark of Network General Corporation. All other names are trademarks or registered trademarks of their respective owners.

nChronos

Capsa

nChronos

Capsa Enterprise

Capsa Professional

Other

Colasoft Online Store

How to Buy

nChronos

Capsa

Network Tools

Other

Resources

CVE-2000-0725

Status:

Description:

Reference:

Other Vulnerabilities:

Free Network Analyzer

We’re here to help…

Quick Links

Stay in touch