21 Mar
2007
21 Mar
'07
7:20 p.m.
On 3/20/07, Martijn Pieters <mj@zopatista.com> wrote:
A vulnerability has been discovered in Zope, where by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected.
This hotfix has been assigned a CVE: CVE-2007-0240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0240 -- Martijn Pieters