On 3/20/07, Martijn Pieters <[EMAIL PROTECTED]> wrote:
A vulnerability has been discovered in Zope, where by certain types of
misuse of HTTP GET, an attacker could gain elevated privileges. All
Zope versions up to and including 2.10.2 are affected.
This hotfix has been assigned a CVE:
CVE-2007-0240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240
--
Martijn Pieters
_______________________________________________
Zope-Announce maillist - Zope-Announce@zope.org
http://mail.zope.org/mailman/listinfo/zope-announce
Zope-Announce for Announcements only - no discussions
(Related lists -
Users: http://mail.zope.org/mailman/listinfo/zope
Developers: http://mail.zope.org/mailman/listinfo/zope-dev )