Vulnerability Details CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
- http://www.redhat.com/support/errata/RHSA-2001-115.html
- http://www.securityfocus.com/bid/3425
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
- http://www.redhat.com/support/errata/RHSA-2001-115.html
- http://www.securityfocus.com/bid/3425
Products affected by CVE-2001-1278
-
cpe:2.3:a:zope:zope:2.2.0
-
cpe:2.3:a:zope:zope:2.2.1
-
cpe:2.3:a:zope:zope:2.2.2
-
cpe:2.3:a:zope:zope:2.2.3
-
cpe:2.3:a:zope:zope:2.2.4