CVE-2009-0669

ZODB <3.8.2 - Auth Bypass

Title source: llm

Description

Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.

References (8)

[Various Sources] http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html

[Patch, Vendor Advisory] http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2

[Vendor Advisory] http://secunia.com/advisories/36204

[Vendor Advisory] http://secunia.com/advisories/36205

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52379

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35987

[Third Party Advisory, VDB Entry] http://osvdb.org/56826

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/2217

Scores

EPSS 0.0055

EPSS Percentile 67.6%

Classification

CWE

CWE-287

Status draft

Affected Products (4)

zope/zodb < 3.8.1

zope/zodb

pypi/ZODB3 < 3.8.2PyPI

Timeline

Published Aug 07, 2009

Tracked Since Feb 18, 2026