{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2009-2217", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/2217"}, {"name": "36204", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36204"}, {"name": "zope-protocol-code-execution(52377)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"}, {"name": "36205", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36205"}, {"name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"}, {"name": "56827", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/56827"}, {"name": "35987", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35987"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0668", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-2217", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2217"}, {"name": "36204", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36204"}, {"name": "zope-protocol-code-execution(52377)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"}, {"name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2", "refsource": "CONFIRM", "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"}, {"name": "36205", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36205"}, {"name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities", "refsource": "MLIST", "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"}, {"name": "56827", "refsource": "OSVDB", "url": "http://osvdb.org/56827"}, {"name": "35987", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35987"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:40:05.110Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-2217", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/2217"}, {"name": "36204", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36204"}, {"name": "zope-protocol-code-execution(52377)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"}, {"name": "36205", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36205"}, {"name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"}, {"name": "56827", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/56827"}, {"name": "35987", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35987"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0668", "datePublished": "2009-08-07T19:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.110Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9A7E1A6-8B87-43C2-A202-7383687A20B5", "versionEndIncluding": "3.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "AC8B7904-4F44-4641-9275-D995ADDA0ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "E70191DA-A946-495D-A2CA-5DA5735B116F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*", "matchCriteriaId": "4FB7982D-2F76-4237-8BBB-A4E5ADE1D497", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A461879-EF34-4817-8EBB-1FE7A73E03C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3BF6448E-3BD4-4A3D-9D58-C39928F4FB93", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0CB7404-734F-4838-AAEE-A5D5E987EBA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "02371BD4-F40F-4AA7-9214-E9FFCA80138C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B59CB22D-604D-4D9D-B7A4-E42026C7F3FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C35B0E78-B0E7-41F2-B776-B7B4AE937350", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C6EF771A-6AE9-4006-A273-5B04B3EAADDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C38116E1-459C-45A7-A995-20C8ABDCCF65", "vulnerable": true}, {"criteria": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "8568BD1E-839A-4C78-840D-47807D207C6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Zope Object Database (ZODB) anterior a v3.8.2, cuando ciertos Zope Enterprise Objects (ZEO) habilitan compartir base de datos, permite a atacantes remotos ejecutar c\u00f3digo Python arbitrario a trav\u00e9s de vectores relaccionados con el protocolo de red ZEO."}], "id": "CVE-2009-0668", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-08-07T19:30:00.203", "references": [{"source": "cve@mitre.org", "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/56827"}, {"source": "cve@mitre.org", "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36204"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36205"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35987"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/2217"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/56827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36204"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35987"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/2217"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "zope: ZEO arbitrary Python code execution in the context of server process", "id": "513422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=513422"}, "csaw": false, "cvss": {"cvss_base_score": "6.3", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:N/I:C/A:N", "status": "draft"}, "details": ["Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."], "name": "CVE-2009-0668", "public_date": "2009-08-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2009-0668"], "threat_severity": "Important"}