[Zope] HTTP Request Denial of Service Vulnerability
lists at zopyx.com
Mon Jul 20 00:20:19 EDT 2009
On 20.07.09 04:06, TsungWei Hu wrote:
> I have a Plone 3.2.3 site that runs with Zope 2.10.8 and receive a
> security notice as follows. Is it sufficient to fix this just
> installing http://www.zope.org/Products/Zope/Hotfix-2008-08-12 ?
> Thanks, /marr/
> Although the Zope development environment is one of the largest and
> most widely supported open source web content management solutions, it
> has been plagued with exploitable vulnerabilities. Due to the nature
> of the software and shear number of vulnerabilities, Foundstone Labs
> recommends you consider utilizing a different content management
> solution and at a minimum upgrade your software. Zope updates can be
> freely downloaded from www.zope.org <http://www.zope.org>
TsungWei, with respect but you are telling barely nonsense. The
mentioned issue only affected
sites where managers gave ZMI access to untrusted users. So this issue
is of limited importance.
In addition it has been fixed within less than one day (compare this to
In addition: Zope is an application server, not a CMS. Also: compare the
number of critical
bugs within Zope to other systems.
ZOPE IS VERY SECURE.
So please stop with such postings spreading FUD and containing improper
Zope 2 Release Manager
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20090720/7b28e8ae/attachment.vcf
More information about the Zope