CVE-2009-0669

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
http://osvdb.org/56826
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2	Patch Vendor Advisory
http://secunia.com/advisories/36204	Vendor Advisory
http://secunia.com/advisories/36205	Vendor Advisory
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zope:zodb::::::::
	cpe:2.3:a:zope:zodb:3.8:::::::*
	cpe:2.3:a:zope:zodb:3.8.0:::::::*

History

No history.

Information

Published : 2009-08-07 19:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-0669

Mitre link : CVE-2009-0669

CVE.ORG link : CVE-2009-0669

JSON object : View

Products Affected

zope

zodb

CWE

CWE-287

Improper Authentication

{"id": "CVE-2009-0669", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-07T19:30:00.233", "references": [{"url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/56826", "source": "cve@mitre.org"}, {"url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36204", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36205", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35987", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2217", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52379", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol."}, {"lang": "es", "value": "Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos eludir la autenticaci\u00f3n a trav\u00e9s de vectores implicados en el protocolo de red ZEO."}], "lastModified": "2017-08-17T01:29:58.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9A7E1A6-8B87-43C2-A202-7383687A20B5", "versionEndIncluding": "3.8.1"}, {"criteria": "cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF49B253-411F-4E83-93B3-556783B73965"}, {"criteria": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8568BD1E-839A-4C78-840D-47807D207C6F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}