CVE-2005-3323

Published: 27/10/2005 | Updated: 03/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

docutils in Zope 2.6, 2.7 prior to 2.7.8, and 2.8 prior to 2.8.2 allows remote malicious users to include arbitrary files via include directives in reStructuredText functionality.

Vulnerable Product

zope zope 2.6

zope zope

debian debian linux 3.1

debian debian linux 3.0

Vendor Advisories

Zope did not deactivate the file inclusion feature when exposing reStructuredText functionality to untrusted users. A remote user with the privilege of editing Zope webpages with reStructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope server, or execute arbitrary Zope code ...