CVE-2001-1227

Published: Oct 10, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Affected (6)

Products: Zope: Zope

Zope

1 product

Zope

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Zope Zope	Version 2.2.0
Zope Zope	Version 2.2.1
Zope Zope	Version 2.2.2
Zope Zope	Version 2.2.3
Zope Zope	Version 2.2.4
Zope Zope	Version 2.2.5

References (10)

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2001-072.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2001-115.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/3425

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/7271

Source: cve@mitre.org

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3