Zope +DTMLTemplates and DTMLMethods Remote Modification Vulnerability

Zope is a popular open source web application server that runs on many unix platforms. A security advisory has been recently issued by Zope regarding a vulnerability that may allow an attacker to modify DTMLMethods or DTMLDocuments remotely. The problem is described to be inadequately protected method in one of Zope's base classes that can be exploited remotely or through DTML code without proper authentication.


 

Privacy Statement
Copyright 2010, SecurityFocus