CVE-2009-0669

Published: Aug 7, 2009Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

Affected (3)

Products: Zope: Zodb

Zope

1 product

Zodb

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Zope Zodb	Up to 3.8.1
Zope Zodb	Version 3.8.0
Zope Zodb	Version 3.8

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (16)

http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html

Source: cve@mitre.org

http://osvdb.org/56826

Source: cve@mitre.org

http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/36204

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/36205

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/35987

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/2217

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52379

Source: cve@mitre.org

http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html