CVE-2009-2701
Severity Score
6.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
Vulnerabilidad no especificada en Zope Enterprise Objects (ZEO) funcionalidad storage-server en Zope Object Database (ZODB) v3.8 anterior v3.8.3 y v3.9.x anterior v3.9.0c2, cuando cierta base de datos ZEO compartida y el soporte blob es activado, permite usuarios autenticarse remotamente para leer o borrar archivos de su elección a través de vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-08-05 CVE Reserved
- 2009-09-08 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://pypi.python.org/pypi/ZODB3/3.8.3 | 2009-09-09 | |
| http://pypi.python.org/pypi/ZODB3/3.9.0c2 | 2009-09-09 | |
| http://www.vupen.com/english/advisories/2009/2534 | 2009-09-09 | |
| https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html | 2009-09-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.8 Search vendor "Zope" for product "Zodb" and version "3.8" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.8.0 Search vendor "Zope" for product "Zodb" and version "3.8.0" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.8.1 Search vendor "Zope" for product "Zodb" and version "3.8.1" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.8.2 Search vendor "Zope" for product "Zodb" and version "3.8.2" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0 Search vendor "Zope" for product "Zodb" and version "3.9.0" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0b1 Search vendor "Zope" for product "Zodb" and version "3.9.0b1" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0b2 Search vendor "Zope" for product "Zodb" and version "3.9.0b2" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0b3 Search vendor "Zope" for product "Zodb" and version "3.9.0b3" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0b4 Search vendor "Zope" for product "Zodb" and version "3.9.0b4" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0b5 Search vendor "Zope" for product "Zodb" and version "3.9.0b5" | - |
Affected
| ||||||
| Zope Search vendor "Zope" | Zodb Search vendor "Zope" for product "Zodb" | 3.9.0c1 Search vendor "Zope" for product "Zodb" and version "3.9.0c1" | - |
Affected
| ||||||