Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation

This script is Copyright (C) 2001-2013 Alert4Web.com

Synopsis :

The remote web server contains an application server that is prone
to a privilege escalation flaw.

Description :

The remote web server uses a version of Zope which is older than
version 2.3.3. In such versions, any user can visit a ZClass
declaration and change the ZClass permission mappings for methods and
other objects defined within the ZClass, possibly allowing for
unauthorized access within the Zope instance.

*** Nessus relied solely on the version number of the server, so if
*** the hotfix has already been applied, this might be a false positive.

See also :


Solution :

Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor
advisory above.

Risk factor :

Medium / CVSS Base Score : 4.6

Family: Web Servers

Nessus Plugin ID: 10777

Bugtraq ID:

CVE ID: CVE-2001-0567
