CVE-2002-0170 | Vulnerability Database | Aqua Security

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Affected Software

Name	Vendor	Start Version	End Version
Zope	Zope	2.2.0 (including)	2.2.0 (including)
Zope	Zope	2.2.1 (including)	2.2.1 (including)
Zope	Zope	2.2.2 (including)	2.2.2 (including)
Zope	Zope	2.2.3 (including)	2.2.3 (including)
Zope	Zope	2.2.4 (including)	2.2.4 (including)
Zope	Zope	2.2.5 (including)	2.2.5 (including)
Zope	Zope	2.3.0 (including)	2.3.0 (including)
Zope	Zope	2.3.1 (including)	2.3.1 (including)
Zope	Zope	2.3.2 (including)	2.3.2 (including)
Zope	Zope	2.3.3 (including)	2.3.3 (including)
Zope	Zope	2.4.0 (including)	2.4.0 (including)
Zope	Zope	2.4.1 (including)	2.4.1 (including)
Zope	Zope	2.4.2 (including)	2.4.2 (including)
Zope	Zope	2.4.3 (including)	2.4.3 (including)
Zope	Zope	2.4.4b1 (including)	2.4.4b1 (including)
Zope	Zope	2.5.0 (including)	2.5.0 (including)
Zope	Zope	2.5.1b1 (including)	2.5.1b1 (including)
Red Hat Powertools 7.0	RedHat		*
Red Hat Powertools 7.1	RedHat		*

References

http://marc.info/?l=bugtraq\u0026m=101503023511996\u0026w=2
http://www.iss.net/security_center/static/8334.php
http://www.osvdb.org/5350
http://www.redhat.com/support/errata/RHSA-2002-060.html
http://www.securityfocus.com/bid/4229
http://www.zope.org/Products/Zope/hotfixes/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2002-0170
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html