CVE-2009-0669
Zope Object Database < 3.8.2 - Authentication Bypass via ZEO Network Protocol
Title source: llmDescription
Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.
References (8)
Core 8
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2217
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36204
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/56826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52379
Patch, Vendor Advisory x_refsource_confirm
http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36205
Various Sources mailing-list
x_refsource_mlist
http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35987
Scores
EPSS
0.0286
EPSS Percentile
85.0%
Details
CWE
CWE-287
Status
published
Products (4)
pypi/ZODB3
0 - 3.8.2PyPI
zope/zodb
3.8
zope/zodb
3.8.0
zope/zodb
< 3.8.1
Published
Aug 07, 2009
Tracked Since
Feb 18, 2026