Zope Image and File Update Data Protection Bypass

medium Nessus Plugin ID 10569

Synopsis

The remote web server contains an application server that fails to protect stored content from modification by remote users.

Description

According to its banner, the remote web server is Zope < 2.2.5. Such versions suffer from a security issue involving incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, users with DTML editing privileges can update the raw data of a File or Image object via DTML even though they do not have editing privileges on the objects themselves.

*** Since Nessus solely relied on the version number of the server,
*** consider this a false positive if the hotfix has already been applied.

Solution

Upgrade to Zope 2.2.5 or apply the hotfix referenced in the vendor advisory listed under See Also.

See Also

https://mail.zope.org/pipermail/zope-announce/2000-December/000323.html

http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert

Plugin Details

Severity: Medium

ID: 10569

File Name: zope_img_updating.nasl

Version: 1.29

Type: remote

Family: Web Servers

Published: 12/19/2000

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/zope

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 12/12/2000

Reference Information

CVE: CVE-2000-1212

BID: 922