Zope Image and File Update Data Protection Bypass

This script is Copyright (C) 2000-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains an application server that fails to
protect stored content from modification by remote users.

Description :

According to its banner, the remote web server is Zope < 2.2.5. Such
versions suffer from a security issue involving incorrect protection
of a data updating method on Image and File objects. Because the
method is not correctly protected, users with DTML editing privileges
can update the raw data of a File or Image object via DTML even though
they do not have editing privileges on the objects themselves.

*** Since Nessus solely relied on the version number of the server,
*** consider this a false positive if the hotfix has already been applied.

See also :

http://mail.zope.org/pipermail/zope-announce/2000-December/000323.html
http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert

Solution :

Upgrade to Zope 2.2.5 or apply the hotfix referenced in the vendor
advisory above.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 6.0
(CVSS2#E:H/RL:U/RC:C)

Family: Web Servers

Nessus Plugin ID: 10569

Bugtraq ID: 922

CVE ID: CVE-2000-1212