Zope Incorrect XML-RPC Request Information Disclosure Vulnerability

Threat level definition

Zope Incorrect XML-RPC Request Information Disclosure Vulnerability

Solution:
Zope versions 2.5.1b2 and later are reportedly not vulnerable to this issue.

Gentoo Linux has released an advisory. Users of net-www/zope-2.5.1 and earlier are urged to update their systems by issuing the following commands:

emerge rsync
emerge zope
emerge clean

Fixes are available:

Zope Zope 2.3.2

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.3.3

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.4 .0

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.4.1

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.4.2

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.4.3

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.4.4 b1

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.5 .0

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Zope Zope 2.5.1

Zope Zope-2.6.0b1-linux2-x86.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-linux2-x86.tgz

Zope Zope-2.6.0b1-solaris-2.8-sparc.tgz
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-solaris-2.8-spa rc.tgz

Zope Zope-2.6.0b1-win32-x86.exe
http://www.zope.org/Products/Zope/2.6.0b1/Zope-2.6.0b1-win32-x86.exe

Privacy Statement
Copyright 2009, SecurityFocus