CVE-2009-2701

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
zopezodb
3.8
zopezodb
3.8.0
zopezodb
3.8.1
zopezodb
3.8.2
zopezodb
3.9.0
zopezodb
3.9.0b1:b1
zopezodb
3.9.0b2:b2
zopezodb
3.9.0b3:b3
zopezodb
3.9.0b4:b4
zopezodb
3.9.0b5:b5
zopezodb
3.9.0c1:c1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zodb
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
dapper
not-affected
References
http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html