[Silva-general] Zope XSS vulnerability
Kit BLAKE
kitblake at infrae.com
Wed Mar 21 07:43:45 CET 2007
A vulnerability has been discovered in Zope, whereby misuse of certain
types of HTTP GET could lead to elevated privileges. All Zope versions
up to and including 2.10.2 are affected.
You are only affected by this vulnerability if you allow untrusted users
to log in to your site and create content. Most Silva sites don't allow
this and are thus not affected. But it's good practice to install
security updates and we recommend that you do so.
The full description along with the hotfix for Zope 2.7, 2.8, 2.9 and
2.10 is available from the zope.org site:
http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement
The upcoming releases of Zope will have this fix included; in the
meantime, please download the hotfix for your installations. Unpack the
product and restart Zope, and the vulnerability will be patched.
--
Kit BLAKE · Infrae · http://infrae.com/ + 31 10 243 7051
Hoevestraat 10 · 3033 GC · Rotterdam + The Netherlands
Contact = http://xri.net/=kitblake