CVE-2009-0669

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/36205	Vendor Advisory
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2	Patch Vendor Advisory
http://secunia.com/advisories/36204	Vendor Advisory
http://osvdb.org/56826
http://www.securityfocus.com/bid/35987
http://www.vupen.com/english/advisories/2009/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zope:zodb::::::::
	cpe:2.3:a:zope:zodb:3.8.0:::::::*
	cpe:2.3:a:zope:zodb:3.8:::::::*

Information

Published : 2009-08-07 12:30

Updated : 2017-08-16 18:29

NVD link : CVE-2009-0669

Mitre link : CVE-2009-0669

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

zope

zodb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/advisories/36205", "name": "36205", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html", "name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities", "tags": [], "refsource": "MLIST"}, {"url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2", "name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/36204", "name": "36204", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/56826", "name": "56826", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/35987", "name": "35987", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2009/2217", "name": "ADV-2009-2217", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52379", "name": "zope-protocol-auth-bypass(52379)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0669", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-08-07T19:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.8.1"}, {"cpe23Uri": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:29Z"}

7.5 /10