
Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation



The remote host is vulnerable to a flaw that allows authentication to be bypassed.


The remote web server is running a version of Zope older than 2.3.3. All releases prior to version 2.3.3 contain a security issue that allows any user to visit a ZClass declaration and change its permission mappings for methods and other objects defined within the ZClass, possibly allowing unauthorized access within the Zope instance.


Update to Zope 2.3.3 or higher.