CVE-2002-0688
First published: Tue Jul 23 2002(Updated: )
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/zope | >=2.4.0<=2.5.1 | 2.6.0 |
| Zope ZODB | =2.4.0 | |
| Zope ZODB | =2.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
- http://www.debian.org/security/2004/dsa-490
- http://www.redhat.com/support/errata/RHSA-2002-060.html
- http://www.securityfocus.com/bid/5812
- http://www.iss.net/security_center/static/9610.php
- https://nvd.nist.gov/vuln/detail/CVE-2002-0688
- https://web.archive.org/web/20020810160608/http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
- https://web.archive.org/web/20020822025750/http://www.iss.net/security_center/static/9610.php
- https://web.archive.org/web/20021206023914/http://rhn.redhat.com/errata/RHSA-2002-060.html
- https://web.archive.org/web/20021223212650/http://online.securityfocus.com/bid/5812
- https://web.archive.org/web/20070430090648/http://www.debian.org/security/2004/dsa-490
- https://github.com/advisories/GHSA-7944-h5rw-qmjx (Advisory)
Frequently Asked Questions
What is the severity of CVE-2002-0688?
CVE-2002-0688 is considered a critical vulnerability due to the potential for unauthorized access by anonymous users.
How do I fix CVE-2002-0688?
To fix CVE-2002-0688, upgrade to Zope version 2.6.0 or later.
Which versions of Zope are affected by CVE-2002-0688?
CVE-2002-0688 affects Zope versions 2.4.0 through 2.5.1.
What type of access does CVE-2002-0688 allow malicious users?
CVE-2002-0688 allows malicious users to bypass access restrictions and invoke arbitrary methods on catalog indexes.
Is CVE-2002-0688 a known vulnerability in Zope?
Yes, CVE-2002-0688 is a well-documented vulnerability that has been reported in Zope's security advisory.
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7944-h5rw-qmjx
- alias/CVE-2002-0688
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/description
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/pip
- vendor/zope
- canonical/zope zodb
- version/zope zodb/2.4.0
- version/zope zodb/2.5.1