CVE-2009-2701

EUVD-2009-0011
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
zopezodb
3.8
zopezodb
3.8.0
zopezodb
3.8.1
zopezodb
3.8.2
zopezodb
3.9.0
zopezodb
3.9.0b1:b1
zopezodb
3.9.0b2:b2
zopezodb
3.9.0b3:b3
zopezodb
3.9.0b4:b4
zopezodb
3.9.0b5:b5
zopezodb
3.9.0c1:c1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zodb
dapper
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
References
http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html
http://pypi.python.org/pypi/ZODB3/3.8.3
http://pypi.python.org/pypi/ZODB3/3.9.0c2
http://www.vupen.com/english/advisories/2009/2534
https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html