CVE-2008-5102

Zope < 2.11.2 - Authenticated Denial of Service via PythonScript Raise or Import Statements

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5102. PoCs published by Marc-Andre Lemburg.

AI-analyzed exploit summary The provided code is a writeup describing two denial-of-service (DoS) techniques for Zope versions 2.7.0 through 2.11.2. It includes snippets to halt the application or consume excessive resources, but lacks executable exploit code.

Description

PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Marc-Andre Lemburg · textdosmultiple

https://www.exploit-db.com/exploits/32581

View Code ZIP pw:eip

The provided code is a writeup describing two denial-of-service (DoS) techniques for Zope versions 2.7.0 through 2.11.2. It includes snippets to halt the application or consume excessive resources, but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Zope 2.7.0 through 2.11.2

No auth needed

Prerequisites: Access to a vulnerable Zope instance

MITRE ATT&CK