CVE-2000-1212

Advisory

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
• http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
• http://www.debian.org/security/2001/dsa-007
• http://www.redhat.com/support/errata/RHSA-2000-135.html
• http://www.osvdb.org/6283
• https://exchange.xforce.ibmcloud.com/vulnerabilities/5778
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1212