Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
History
21 Nov 2024, 00:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html - | |
References | () http://secunia.com/advisories/20988 - Vendor Advisory | |
References | () http://secunia.com/advisories/21025 - Vendor Advisory | |
References | () http://secunia.com/advisories/21130 - Vendor Advisory | |
References | () http://secunia.com/advisories/21459 - Vendor Advisory | |
References | () http://www.debian.org/security/2006/dsa-1113 - | |
References | () http://www.novell.com/linux/security/advisories/2006_19_sr.html - | |
References | () http://www.securityfocus.com/bid/18856 - | |
References | () http://www.vupen.com/english/advisories/2006/2681 - Vendor Advisory | |
References | () http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/27636 - | |
References | () https://usn.ubuntu.com/317-1/ - | |
Information
Published : 2006-07-07 23:05
Updated : 2024-11-21 00:13
NVD link : CVE-2006-3458
Mitre link : CVE-2006-3458
CVE.ORG link : CVE-2006-3458
Products Affected
zope
- zope
CWE