Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification

High Nessus Plugin ID 10447


The remote web server contains an application server that fails to protect stored content and code from modification by remote users.


The remote web server is running a version of Zope earlier than 2.1.7. A security problem in these versions can allow the contents of DTMLDocuments or DTMLMethods to be changed without proper user authentication.


Upgrade to Zope 2.1.7 or later.



Plugin Details

Severity: High

ID: 10447

File Name: zope.nasl

Version: $Revision: 1.24 $

Type: remote

Family: Web Servers

Published: 2000/06/22

Modified: 2011/03/17

Dependencies: 10107, 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: www/zope

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2000/06/15

Reference Information

CVE: CVE-2000-0483

BID: 1354

OSVDB: 347