Zope DTML格式方法校验漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 07:56:14 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Zope DTML格式方法校验漏洞

  • CNNVD编号:CNNVD-200110-039
  • 危害等级: 高危
  • CVE编号: CVE-2001-1227
  • 漏洞类型: 输入验证
  • 发布时间: 2001-10-10
  • 威胁类型: 远程
  • 更新时间: 2005-05-02
  • 厂        商: zope
  • 漏洞来源:

漏洞简介

Zope 2.2.4之前的版本存在漏洞。部分信任用户可以利用一些通过dtml-var标签fmt属性的访问方法,绕过某些方法的安全控制。

漏洞公告

Upgrades are available. Zope Zope 2.2 .0

  • Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
Zope Zope 2.2.1
  • Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
Zope Zope 2.2.2
  • Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
Zope Zope 2.2.3
  • Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
Zope Zope 2.2.4
  • MandrakeSoft 1.0.1 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 1.0.1 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3.
  • MandrakeSoft 7.1 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.1 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • MandrakeSoft 7.2 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
  • RedHat 6.2 alpha Zope-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-2.2.4-9.alpha.rp m
  • RedHat 6.2 alpha Zope-components-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-components-2.2.4 -9.alpha.rpm
  • RedHat 6.2 alpha Zope-core-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-core-2.2.4-9.alp ha.rpm
  • RedHat 6.2 alpha Zope-pcgi-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-pcgi-2.2.4-9.alp ha.rpm
  • RedHat 6.2 alpha Zope-services-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-services-2.2.4-9 .alpha.rpm
  • RedHat 6.2 alpha Zope-zpublisher-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zpublisher-2.2.4 -9.alpha.rpm
  • RedHat 6.2 alpha Zope-zserver-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zserver-2.2.4-9. alpha.rpm
  • RedHat 6.2 alpha Zope-ztemplates-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-ztemplates-2.2.4 -9.alpha.rpm
  • RedHat 6.2 i386 Zope-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-2.2.4-9.i386.rpm
  • RedHat 6.2 i386 Zope-components-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-components-2.2.4- 9.i386.rpm
  • RedHat 6.2 i386 Zope-core-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-core-2.2.4-9.i386 .rpm
  • RedHat 6.2 i386 Zope-services-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-services-2.2.4-9. i386.rpm
  • RedHat 6.2

参考网址

来源: REDHAT 名称: RHSA-2001:115 链接:http://www.redhat.com/support/errata/RHSA-2001-115.HTML 来源: MANDRAKE 名称: MDKSA-2001:080 链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 来源: XF 名称: zope-fmt-access-methods(7271) 链接:http://xforce.iss.net/xforce/xfdb/7271 来源: BID 名称: 3425 链接:http://www.securityfocus.com/bid/3425 来源: REDHAT 名称: RHSA-2001:072 链接:http://www.redhat.com/support/errata/RHSA-2001-072.HTML

受影响实体

  • Zope Zope:2.2.4  
  • Zope Zope:2.2.5  
  • Zope Zope:2.2.1  
  • Zope Zope:2.2.2  
  • Zope Zope:2.2.3  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0