USN-848-1 -- zope3 vulnerabilitiesID: oval:org.secpod.oval:def:700407 | Date: (C)2011-05-13 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that the Zope Object Database database server improperly filtered certain commands when a database is shared among multiple applications or application instances. A remote attacker could send malicious commands to the server and execute arbitrary code. It was discovered that the Zope Object Database database server did not handle authentication properly when a database is shared among multiple applications or application instances. A remote attacker could use this flaw to bypass security restrictions. It was discovered that Zope did not limit the number of new object ids a client could request. A remote attacker could use this flaw to consume a huge amount of resources, leading to a denial of service
Platform: |
Ubuntu 8.04 |
Ubuntu 9.04 |
Ubuntu 6.06 |
Ubuntu 8.10 |