CVE-2010-3198

medium

Published 2010-09-08 · Modified 2026-05-19

CVSS v3

—

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2

4.3

VIR risk

4.3

Description

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://mail.zope.org/pipermail/zope-announce/2010-September/002247.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://bugs.launchpad.net/zope2/+bug/627988

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vupen.com/english/advisories/2010/2275

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	zope	`>=2.10.0,<2.10.12`	`2.10.12`
PyPI	zope	`>=2.11.0,<2.11.7`	`2.11.7`
PyPI	zope

Application impact

Vendor	Product	Versions
zope	zope	`2.10.0-b1`
zope	zope	`2.10.0-b2`
zope	zope	`2.10.0-c1`
zope	zope	`2.10.0-final`
zope	zope	`2.10.2`
zope	zope	`2.10.2-b1`
zope	zope	`2.10.2-final`
zope	zope	`2.10.3`
zope	zope	`2.10.3-final`
zope	zope	`2.10.4-final`
zope	zope	`2.10.5`
zope	zope	`2.10.6`
zope	zope	`2.10.7`
zope	zope	`2.10.8`
zope	zope	`2.10.9`
zope	zope	`2.10.10`
zope	zope	`2.10.11`
zope	zope	`2.11.0`
zope	zope	`2.11.0a1`
zope	zope	`2.11.0b1`
zope	zope	`2.11.0c1`
zope	zope	`2.11.1`
zope	zope	`2.11.2`
zope	zope	`2.11.3`
zope	zope	`2.11.4`
zope	zope	`2.11.5`
zope	zope	`2.11.6`

References

Verify integrity in audit chain (admin only). AS-IS.