[Zope] HTTP Request Denial of Service Vulnerability

Andreas Jung lists at zopyx.com
Mon Jul 20 00:20:19 EDT 2009


On 20.07.09 04:06, TsungWei Hu wrote:
> I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
> security notice as follows. Is it sufficient to fix this just
> installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ?
> Thanks, /marr/
>
>
> Although the Zope development environment is one of the largest and
> most widely supported open source web content management solutions, it
> has been plagued with exploitable vulnerabilities. Due to the nature
> of the software and shear number of vulnerabilities, Foundstone Labs
> recommends you consider utilizing a different content management
> solution and at a minimum upgrade your software. Zope updates can be
> freely downloaded from www.zope.org <http://www.zope.org>

TsungWei, with respect but you are telling barely nonsense. The
mentioned issue only affected
sites where managers gave ZMI access to untrusted users. So this issue
is of limited importance.
In addition it has been fixed within less than one day (compare this to
other systems).
In addition: Zope is an application server, not a CMS. Also: compare the
number of critical
bugs within Zope to other systems.

ZOPE IS VERY SECURE.

So please stop with such postings spreading FUD and containing improper
information.

Andreas Jung
Zope 2 Release Manager





-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20090720/7b28e8ae/attachment.vcf 


More information about the Zope mailing list