Vulnerability Details CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
- http://www.redhat.com/support/errata/RHSA-2001-072.html
- http://www.redhat.com/support/errata/RHSA-2001-115.html
- http://www.securityfocus.com/bid/3425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7271
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
- http://www.redhat.com/support/errata/RHSA-2001-072.html
- http://www.redhat.com/support/errata/RHSA-2001-115.html
- http://www.securityfocus.com/bid/3425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7271
Products affected by CVE-2001-1227
-
cpe:2.3:a:zope:zope:2.2.0
-
cpe:2.3:a:zope:zope:2.2.1
-
cpe:2.3:a:zope:zope:2.2.2
-
cpe:2.3:a:zope:zope:2.2.3
-
cpe:2.3:a:zope:zope:2.2.4
-
cpe:2.3:a:zope:zope:2.2.5