ID de Prueba:	1.3.6.1.4.1.25623.1.0.10569
Categoría:	CGI abuses
Título:	Zope Image updating Method
Resumen:	NOSUMMARY
Descripción:	Description: The remote web server is Zope < 2.2.5 There is a security issue in all releases prior to version 2.2.5. The issue involves incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to update the raw data of a File or Image object via DTML though they do not have editing privileges on the objects themselves. *** Nessus solely relied on the version number of your *** server, so if you applied the hotfix already, *** consider this alert as a false positive. Solution : Upgrade to Zope 2.2.5 or apply the hotfix available at http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert Risk factor : High
Referencia Cruzada:	BugTraq ID: 922 Common Vulnerability Exposure (CVE) ID: CVE-2000-0062 http://www.securityfocus.com/bid/922 Bugtraq: 20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT] (Google Search) http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net XForce ISS Database: zope-dtml
Copyright	This script is Copyright (C) 2000 Renaud Deraison

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.