CVE-2009-2701

Sažetak

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Reference

http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html

CVSS

Base:	6.0
Impact:	6.4
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-09-2009 - 04:00

Objavljeno

08-09-2009 - 18:30