John Tsai
2013-03-13 13:04:43 UTC
John Tsai [http://community.zenoss.org/people/jct] created the discussion
"Zope version vulnerability"
To view the discussion, visit: http://community.zenoss.org/message/72390#72390
--------------------------------------------------------------
NeXpose is reporting Zope vulnerability,
The fix is to upgrade to v2.6.0b1 or later but my installed version of Zope is 2.13.13.
Anyone have any clue on this?
*NeXpose reported:*
Running vulnerable HTTP service: Zope.
HTTP POST request to http://zenoss:8080/x http://zenoss:8080/x
6:Â Â <p>An error was encountered while publishing this resource.
7:Â Â </p>
8:Â Â <p><strong><type 'exceptions.KeyError'></strong></p>
9:
6:Â Â Sorry, a site error occurred.<p><p>Traceback (innermost last):</p>
*NeXpose fix:*
Fix Zope Invalid XML RPC Information Leakage
Download and apply the upgrade from: http://www.zope.org/Products/Zope/2.6.0b1 http://www.zope.org/Products/Zope/2.6.0b1
Upgrade to   http://www.zope.org/Products/Zope/2.6.0b1 v2.6.0b1 or later.
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/72390#72390]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]
"Zope version vulnerability"
To view the discussion, visit: http://community.zenoss.org/message/72390#72390
--------------------------------------------------------------
NeXpose is reporting Zope vulnerability,
The fix is to upgrade to v2.6.0b1 or later but my installed version of Zope is 2.13.13.
Anyone have any clue on this?
*NeXpose reported:*
Running vulnerable HTTP service: Zope.
HTTP POST request to http://zenoss:8080/x http://zenoss:8080/x
6:Â Â <p>An error was encountered while publishing this resource.
7:Â Â </p>
8:Â Â <p><strong><type 'exceptions.KeyError'></strong></p>
9:
6:Â Â Sorry, a site error occurred.<p><p>Traceback (innermost last):</p>
*NeXpose fix:*
Fix Zope Invalid XML RPC Information Leakage
Download and apply the upgrade from: http://www.zope.org/Products/Zope/2.6.0b1 http://www.zope.org/Products/Zope/2.6.0b1
Upgrade to   http://www.zope.org/Products/Zope/2.6.0b1 v2.6.0b1 or later.
--------------------------------------------------------------
Reply to this message by replying to this email -or- go to the discussion on Zenoss Community
[http://community.zenoss.org/message/72390#72390]
Start a new discussion in zenoss-users by email
[discussions-community-forums-zenoss--***@community.zenoss.org] -or- at Zenoss Community
[http://community.zenoss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2003]