CVE-2000-0483

Current Description

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Basic Data

Published: June 15, 2000
Last Modified: October 10, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
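    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Redhat | Linux Powertools | 6.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Redhat | Linux Powertools | 6.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Zope | Zope | 1.10.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Zope | Zope | 2.1.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Zope | Zope | 2.1.7 | * | * | * | * | * | * | * |  |  |  |  |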

Vulnerable Software List

| Vendor | Product | Versions |
| Redhat | Linux Powertools | 6.1, 6.2 |
| Zope | Zope | 1.10.3, 2.1.1, 2.1.7 |

References

| Name | Source | URL | Tags |
| FreeBSD-SA-00:38 | FREEBSD | ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc |  |
| 20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]] | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html | Patch, Vendor Advisory |
| 20000728 MDKSA-2000:026 Zope update | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html |  |
| RHSA-2000:038 | REDHAT | http://www.redhat.com/support/errata/RHSA-2000-038.html |  |
| 1354 | BID | http://www.securityfocus.com/bid/1354 |  |
| 2000615 Conectiva Linux Security Announcement - ZOPE | BUGTRAQ | http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br |  |
| http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert | CONFIRM | http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert | Patch |
| zope-dtml-remote-modify(4716) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/4716 |  |