I have a Plone 3.2.3 site that runs with Zope 2.10.8 and received a security
notice as follows. Is it sufficient to fix this by just installing
http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ? Thanks, /marr/

= Name =

Zope HTTP Request Denial of Service Vulnerability

= Description =

A vulnerability in Zope may allow a remote attacker to manually shut down the

= Observation =

The Zope Web Content Management system has been identified with a critical
denial of service vulnerability. A malicious attacker could manually
shut down the target system remotely via a custom web HTTP field request.
This vulnerability is especially dangerous as the "kill" packet can be
completely forged, thereby increasing the difficulty when tracking would-be
intruders and attackers.

= Recommendation =

Although the Zope development environment is one of the largest and most
widely supported open source web content management solutions, it has been
plagued with exploitable vulnerabilities. Due to the nature of the software
and sheer number of vulnerabilities, Foundstone Labs recommends you consider
utilizing a different content management solution and at a minimum upgrade
your software. Zope updates can be freely downloaded from www.zope.org.