[Zope-dev] Vulnerability in Zope

Jerome Alet alet@unice.fr
Sun, 23 Sep 2001 18:38:12 +0200


On Sun, Sep 23, 2001 at 10:36:33AM -0400, Paul Everitt wrote:
> 
> Do others consider this a vulnerability?  While it reveals more 
> information than people might want, I'm curious about scenarios under 
> which it could be exploited.
> 
> If any of you know of something *specific*, meaning it's a genuinely 
> exploitable vulnerability, please email me or Brian Lloyd 
> (brian@zope.com) directly, rather than explain to the world how to do it.
> ...
> ...
> > Bobo-Exception-File: /usr/local/base/Zope-2.3.2-modified/lib/python/OFS/Property

Think about social engeniering.
Knowing this sort of things, while this is not a vulnerability in itself,
allows everybody to remotely know were Data.fs is.

bye,

Jerome Alet