CVE-2006-4684

Published: 19/09/2006 Updated: 08/03/2011
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The docutils module in Zope (Zope2) 2.7.0 up to and including 2.7.9 and 2.8.0 up to and including 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote malicious users to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

Vulnerable Product

zope zope 2.7.5

zope zope 2.7.6

zope zope 2.8.3

zope zope 2.8.4

zope zope 2.7.7

zope zope 2.7.8

zope zope 2.8.5

zope zope 2.8.6

zope zope 2.7.0

zope zope 2.7.1

zope zope 2.7.9

zope zope 2.8.0

zope zope 2.8.7

zope zope 2.8.8

zope zope 2.7.2

zope zope 2.7.3

zope zope 2.7.4

zope zope 2.8.1

zope zope 2.8.2

Vendor Advisories

It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. For the stable distribution (sarge) this problem has been fixed in version 275-2sarge2. The unstable distribution (sid) doesn't contain zope27 any longer, ...