PT-2001-1064 · Zope+1 · Zope+1

Published: 2001-05-28 · Updated: 2017-10-10 · CVE-2001-1227

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

man versions prior to 1.5i2
Zope versions prior to 2.2.4

Description

The issue concerns multiple vulnerabilities in the man package of Red Hat Linux and Zope, which can be exploited remotely to compromise the confidentiality, integrity, and availability of protected information. In Zope, partially trusted users can bypass security controls for certain methods by accessing them through the fmt attribute of dtml-var tags.

Recommendations

For man package versions prior to 1.5i2, update to version 1.5i2 or later to resolve the issue. For Zope versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the dtml-var tags and the fmt attribute in Zope until a patch is available.

Fix


Related Identifiers

BDU:2015-08160
CVE-2001-1227

Affected Products

Zope
Man