CVE-2000-0725

Published: Oct 20, 2000Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Affected (4)

Products: Zope: Zope

Zope

1 product

Zope

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Zope Zope	Version 1.10.3
Zope Zope	Version 2.1.1
Zope Zope	Version 2.1.7
Zope Zope	Version 2.2_beta1

References (12)

http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html

Source: cve@mitre.org

PatchVendor Advisory

http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html

Source: cve@mitre.org

Patch

http://www.debian.org/security/2000/20000821

Source: cve@mitre.org

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2000-052.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/1577

Source: cve@mitre.org

PatchVendor Advisory

http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html