Vigil@nce: Zope, denial of service
September 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A remote attacker can access a private page of a Plone website, in
order to create a denial of service.
– Severity: 2/4
– Creation date: 03/09/2010
DESCRIPTION OF THE VULNERABILITY
Plone is a content management system built on top of the Zope
application server.
Pages of a Plone site can be private. When a user accesses a page,
an access control check is performed. However, when an unauthorized
page is accessed, an unhandled exception is thrown, stopping the
worker thread.
A remote attacker can try to repeatedly access a private page of a
Plone website, in order to create a denial of service.
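
The failure mode described above, as a generic Python model added here for illustration (it is not Zope or Plone code and does not come from the bulletin): a fixed pool of worker threads in which an access-control exception either escapes the worker and ends it, or is caught and turned into a refusal. The names Unauthorized, handle, worker, run_pool and the sample paths are assumptions made for this example.

```python
import queue
import threading

class Unauthorized(Exception):
    """Access-control failure (hypothetical name used by this model)."""

PRIVATE_PAGES = {"/private"}  # constructed sample data

def handle(path, user):
    # Access control check: anonymous visitors may not read private pages.
    if path in PRIVATE_PAGES and user is None:
        raise Unauthorized(path)
    return 200

def worker(jobs, responses, survivors, hardened):
    while True:
        job = jobs.get()
        if job is None:            # shutdown sentinel: this worker ended normally
            survivors.append(threading.current_thread().name)
            return
        try:
            responses.append(handle(*job))
        except Unauthorized:
            if not hardened:
                raise              # flawed path: exception escapes, thread ends
            responses.append(401)  # fixed path: refuse the request, keep serving

def run_pool(requests, hardened, size=2):
    """Serve requests with `size` workers; return (responses, surviving workers)."""
    jobs, responses, survivors = queue.Queue(), [], []
    for item in list(requests) + [None] * size:
        jobs.put(item)
    threads = [threading.Thread(target=worker,
                                args=(jobs, responses, survivors, hardened))
               for _ in range(size)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(responses), len(survivors)

# Constructed traffic: two anonymous requests for a private page among public ones.
SAMPLE = [("/public", None), ("/private", None), ("/private", None), ("/public", None)]

if __name__ == "__main__":
    print("flawed:  ", run_pool(SAMPLE, hardened=False))  # last request never served
    print("hardened:", run_pool(SAMPLE, hardened=True))   # all served, pool intact
```
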
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Zope-denial-of-service-9900