Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Zope < 2.2.5 Multiple Vulnerabilities

Medium

Synopsis

According to its banner, the remote web server is Zope &lt; 2.2.5.

Description

According to its banner, the remote web server is Zope < 2.2.5. Such versions suffer from security issues involving incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML even though they do not have editing privileges on the objects themselves.

Solution

Upgrade to Zope 2.2.5 or higher.