漏洞类别:Web server漏洞等级: 
漏洞信息
Zope is a dynamic HTML management package maintained by the Zope Project.
Some versions of Zope contain a path disclosure vulnerability that allows malicious users to view absolute path information. This issue can be exploited if the remote user submits a maliciously crafted URL.
漏洞危害
Successful exploitation of this vulnerability could lead to the disclosure of sensitive information, which could possibly assist in further attacks against the target host.
解决方案
Vendors advise that you upgrade to a fixed Zope package (see below).
Zope Version 2.2.0:
FreeBSD Patch 5 current alpha zope-2.2.4
ftp://ftp.freebsd.org/pub/FreeBSD/ports/alpha/packages-stable/zope/
Mandrake RPM 1.0.1 i586 Zope-zserver-2.2.4-1.3mdk.i586.rpm
http://www.mandrakesecure.net/en/advisories/updates.php?dis=7.1
0day
文章评论