Summary
The remote web server contains an application server that is prone to a privilege escalation flaw.
Description
The remote web server uses a version of Zope which is older than version 2.3.3. In such versions, any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.
OVS relied solely on the version number of your server, so if the hotfix has already been applied, this might be a false positive.
Solution
Upgrade to Zope 2.3.3 or apply the hotfix referenced in the vendor advisory above.
Severity
Classification
- CVE: CVE-2001-0567
- CVSS Base Score: 4.6
- CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Lil' HTTP Server Cross Site Scripting Vulnerability
- IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- jHTTPd Directory Traversal Vulnerability