[原文]Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
Zope contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when use of Legacy object names ( e.g. DTML Methods )occurs. This flaw may lead to a loss of Confidentiality and/or Integrity.
It is possible to correct the flaw by implementing Zope hotfix 2000-12-08 available from the Vendor site.