CVE-2009-2701 Information

Description

Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2 when certain ZEO database sharing and blob support are enabled allows remote authenticated users to read or delete arbitrary files via unknown vectors.

Reference

http://pypi.python.org/pypi/ZODB3/3.8.3 http://pypi.python.org/pypi/ZODB3/3.9.0c2 http://www.vupen.com/english/advisories/2009/2534 https://mail.zope.org/pipermail/zope-announce/2009-September/002221.html