VULHUB ™

Zope is a freely available dynamic web page management suite, written and maintained by the Zope Project. A problem exists which could allow a user access to unauthorized resources. The problem occurs in the handling of legacy file names. Insufficent access control on certain DTML Method objects make it possible to anonymous remote users to create new objects and DTML Method instances. This would allow a malicious user to potentially create new methods and possibly retrieve information from a system running Zope. It could also potentially result in a compromise of data being handled by Zope. This vulnerability affects Zope software revisions 2.2.0 thru 2.2.4.

Zope is a freely available dynamic web page management suite, written and maintained by the Zope Project. A problem exists which could allow a user access to unauthorized resources. The problem occurs in the handling of legacy file names. Insufficent access control on certain DTML Method objects make it possible to anonymous remote users to create new objects and DTML Method instances. This would allow a malicious user to potentially create new methods and possibly retrieve information from a system running Zope. It could also potentially result in a compromise of data being handled by Zope. This vulnerability affects Zope software revisions 2.2.0 thru 2.2.4.