Homepage

zope2@2.13.0a3 vulnerabilities

Zope application server / web framework

  • latest version

    4.0

  • latest non vulnerable version

    4.0

  • first published

    15 years ago

  • latest version published

    5 years ago

  • licenses detected

  • View zope2 package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the zope2 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    HTTP Header Injection

    zope2 is a Zope2 application server / web framework ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

    [2.12,2.13.19)
    • M
    Timing Attack

    zope2 is a Zope2 application server / web framework AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

    [,2.13.19)
    • M
    Insecure Randomness

    zope2 is a Zope2 application server / web framework Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2).

    [,2.13.19)
    Go back to all versions of this package