漏洞信息详情
Zope DTML格式方法校验漏洞
- CNNVD编号:CNNVD-200110-036
- 危害等级: 高危
- CVE编号: CVE-2001-1278
- 漏洞类型: 输入验证
- 发布时间: 2001-10-10
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: zope
- 漏洞来源:
漏洞简介
Zope 2.2.4之前的版本存在漏洞。部分信任用户可以利用一些通过dtml-var标签fmt属性的访问方法,绕过某些方法的安全控制。
漏洞公告
Upgrades are available. Zope Zope 2.2 .0
- Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
- Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
- Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
- Zope Hotfix_2001-09-28 http://www.zope.org/Products/Zope/Hotfix_2001-09-28/
- MandrakeSoft 1.0.1 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 1.0.1 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3.
- MandrakeSoft 7.1 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.1 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-components-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-core-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-pcgi-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-services-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-zpublisher-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-zserver-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- MandrakeSoft 7.2 Zope-ztemplates-2.2.4-1.5mdk.i586.rpm http://www.linux-mandrake.com/en/ftp.php3
- RedHat 6.2 alpha Zope-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-2.2.4-9.alpha.rp m
- RedHat 6.2 alpha Zope-components-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-components-2.2.4 -9.alpha.rpm
- RedHat 6.2 alpha Zope-core-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-core-2.2.4-9.alp ha.rpm
- RedHat 6.2 alpha Zope-pcgi-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-pcgi-2.2.4-9.alp ha.rpm
- RedHat 6.2 alpha Zope-services-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-services-2.2.4-9 .alpha.rpm
- RedHat 6.2 alpha Zope-zpublisher-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zpublisher-2.2.4 -9.alpha.rpm
- RedHat 6.2 alpha Zope-zserver-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-zserver-2.2.4-9. alpha.rpm
- RedHat 6.2 alpha Zope-ztemplates-2.2.4-9.alpha.rpm ftp://updates.redhat.com/6.2/en/powertools/alpha/Zope-ztemplates-2.2.4 -9.alpha.rpm
- RedHat 6.2 i386 Zope-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-2.2.4-9.i386.rpm
- RedHat 6.2 i386 Zope-components-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-components-2.2.4- 9.i386.rpm
- RedHat 6.2 i386 Zope-core-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-core-2.2.4-9.i386 .rpm
- RedHat 6.2 i386 Zope-services-2.2.4-9.i386.rpm ftp://updates.redhat.com/6.2/en/powertools/i386/Zope-services-2.2.4-9. i386.rpm
-
RedHat 6.2
参考网址
来源: REDHAT 名称: RHSA-2001:115 链接:http://www.redhat.com/support/errata/RHSA-2001-115.HTML 来源: MANDRAKE 名称: MDKSA-2001:080 链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 来源: BID 名称: 3425 链接:http://www.securityfocus.com/bid/3425
受影响实体
- Zope Zope:2.2.4
- Zope Zope:2.2.3
- Zope Zope:2.2.2
- Zope Zope:2.2.1
- Zope Zope:2.2.0
补丁
暂无
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论