
CVE-2000-0062: Zope DTML implementation Improper Authentication

CVSS Score: 10

Basic Information

EPSS Score: -
Published: 4/30/2022
Updated: 9/18/2023
KEV Status: No
Technology: Python

Technical Details

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
Package Name: zope
Ecosystem: pip
Vulnerable Versions: >= 2.2.0, <= 2.2.4
First Patched Version: (not listed)

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability information describes an authentication bypass in Zope's DTML implementation but does not include specific code references, commit diffs, or technical details about the flawed functions. While the vulnerability (CWE-287) suggests missing authentication checks in DTML processing logic, the advisory lacks concrete evidence such as function names, file paths, or code snippets to pinpoint exact vulnerable functions. Historical Zope DTML vulnerabilities often relate to improper input validation in template evaluation (e.g., via tags like <dtml-var> or <dtml-call>), but without explicit confirmation from patch details or exploit analysis, identifying specific functions with high confidence is not possible.

WAF Protection Rules

WAF Rule

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
