Vulnerability Details CVE-2009-2701
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.0%
CVSS Severity
CVSS v2 Score 6.0
References
- http://pypi.python.org/pypi/ZODB3/3.8.3
- http://pypi.python.org/pypi/ZODB3/3.9.0c2
- http://www.vupen.com/english/advisories/2009/2534
- https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
- http://pypi.python.org/pypi/ZODB3/3.8.3
- http://pypi.python.org/pypi/ZODB3/3.9.0c2
- http://www.vupen.com/english/advisories/2009/2534
- https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
Products affected by CVE-2009-2701
-
cpe:2.3:a:zope:zodb:3.8
-
cpe:2.3:a:zope:zodb:3.8.0
-
cpe:2.3:a:zope:zodb:3.8.1
-
cpe:2.3:a:zope:zodb:3.8.2
-
cpe:2.3:a:zope:zodb:3.9.0
-
cpe:2.3:a:zope:zodb:3.9.0b1
-
cpe:2.3:a:zope:zodb:3.9.0b2
-
cpe:2.3:a:zope:zodb:3.9.0b3
-
cpe:2.3:a:zope:zodb:3.9.0b4
-
cpe:2.3:a:zope:zodb:3.9.0b5
-
cpe:2.3:a:zope:zodb:3.9.0c1