Re: [Zope-Annce] Hotfix for cross-site scripting vulnerability

Martijn Pieters Wed, 21 Mar 2007 11:36:38 -0800

On 3/20/07, Martijn Pieters <[EMAIL PROTECTED]> wrote:

A vulnerability has been discovered in Zope, where by certain types of
misuse of HTTP GET, an attacker could gain elevated privileges. All
Zope versions up to and including 2.10.2 are affected.


This hotfix has been assigned a CVE:

 CVE-2007-0240
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240

--
Martijn Pieters
_______________________________________________
Zope-Announce maillist  -  Zope-Announce@zope.org
http://mail.zope.org/mailman/listinfo/zope-announce

 Zope-Announce for Announcements only - no discussions

(Related lists -Users: http://mail.zope.org/mailman/listinfo/zope

Developers: http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope-Annce] Hotfix for cross-site scripting vulnerability

Reply via email to