Vulnerability Details CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
- http://www.debian.org/security/2001/dsa-007
- http://www.osvdb.org/6283
- http://www.redhat.com/support/errata/RHSA-2000-135.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5778
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
- http://www.debian.org/security/2001/dsa-007
- http://www.osvdb.org/6283
- http://www.redhat.com/support/errata/RHSA-2000-135.html
- http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5778
Products affected by CVE-2000-1212
-
cpe:2.3:a:zope:zope:2.2.0
-
cpe:2.3:a:zope:zope:2.2.0a1
-
cpe:2.3:a:zope:zope:2.2.0b1
-
cpe:2.3:a:zope:zope:2.2.0b2
-
cpe:2.3:a:zope:zope:2.2.0b3
-
cpe:2.3:a:zope:zope:2.2.0b4
-
cpe:2.3:a:zope:zope:2.2.1
-
cpe:2.3:a:zope:zope:2.2.1b1
-
cpe:2.3:a:zope:zope:2.2.2
-
cpe:2.3:a:zope:zope:2.2.3
-
cpe:2.3:a:zope:zope:2.2.4