CVE-2009-2701
First published: Tue Sep 08 2009(Updated: )
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/zodb3 | >=3.9a0<3.9.0c2 | 3.9.0c2 |
| pip/zodb3 | >=3.8<3.8.3 | 3.8.3 |
| Zope ZODB | =3.9.0 | |
| Zope ZODB | =3.8.2 | |
| Zope ZODB | =3.9.0b5 | |
| Zope ZODB | =3.8.0 | |
| Zope ZODB | =3.9.0b1 | |
| Zope ZODB | =3.9.0b3 | |
| Zope ZODB | =3.8 | |
| Zope ZODB | =3.9.0c1 | |
| Zope ZODB | =3.9.0b4 | |
| Zope ZODB | =3.8.1 | |
| Zope ZODB | =3.9.0b2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
- http://pypi.python.org/pypi/ZODB3/3.9.0c2
- http://pypi.python.org/pypi/ZODB3/3.8.3
- http://www.vupen.com/english/advisories/2009/2534
- https://nvd.nist.gov/vuln/detail/CVE-2009-2701
- https://github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2009-10.yaml
- https://github.com/advisories/GHSA-m52m-2qpx-9j4j (Advisory)
Frequently Asked Questions
What is the severity of CVE-2009-2701?
CVE-2009-2701 has a medium severity level due to the potential for remote authenticated users to read or delete arbitrary files.
How do I fix CVE-2009-2701?
To fix CVE-2009-2701, upgrade Zope Object Database (ZODB) to version 3.8.3 or 3.9.0c2.
What versions are affected by CVE-2009-2701?
CVE-2009-2701 affects ZODB versions 3.8.0 to 3.8.2 and 3.9.0b1 to 3.9.0b5.
Who is impacted by CVE-2009-2701?
Remote authenticated users of affected ZODB versions are impacted by CVE-2009-2701.
What functionality is exploited in CVE-2009-2701?
CVE-2009-2701 exploits the ZEO storage-server functionality when specific database sharing and blob support is enabled.
- agent/type
- agent/remedy
- agent/weakness
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-m52m-2qpx-9j4j
- alias/CVE-2009-2701
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- collector/github-advisory
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/pip
- vendor/zope
- canonical/zope zodb
- version/zope zodb/3.9.0
- version/zope zodb/3.8.2
- version/zope zodb/3.9.0b5
- version/zope zodb/3.8.0
- version/zope zodb/3.9.0b1
- version/zope zodb/3.9.0b3
- version/zope zodb/3.8
- version/zope zodb/3.9.0c1
- version/zope zodb/3.9.0b4
- version/zope zodb/3.8.1
- version/zope zodb/3.9.0b2