CVE-2001-1278

Published: Oct 10, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Affected (5)

Products: Zope: Zope

Zope

1 product

Zope

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Zope Zope	Version 2.2.0
Zope Zope	Version 2.2.1
Zope Zope	Version 2.2.2
Zope Zope	Version 2.2.3
Zope Zope	Version 2.2.4

References (6)

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2001-115.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/bid/3425

Source: cve@mitre.org

http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2001-115.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/3425

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.