CVE-2006-4684

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
http://secunia.com/advisories/21947	Patch Vendor Advisory
http://secunia.com/advisories/21953	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1176	Patch Vendor Advisory
http://www.securityfocus.com/bid/20022
http://www.vupen.com/english/advisories/2006/3653
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zope:zope:2.7.0:::::::*
	cpe:2.3:a:zope:zope:2.7.1:::::::*
	cpe:2.3:a:zope:zope:2.7.2:::::::*
	cpe:2.3:a:zope:zope:2.7.3:::::::*
	cpe:2.3:a:zope:zope:2.7.4:::::::*
	cpe:2.3:a:zope:zope:2.7.5:::::::*
	cpe:2.3:a:zope:zope:2.7.6:::::::*
	cpe:2.3:a:zope:zope:2.7.7:::::::*
	cpe:2.3:a:zope:zope:2.7.8:::::::*
	cpe:2.3:a:zope:zope:2.7.9:::::::*
	cpe:2.3:a:zope:zope:2.8.0:::::::*
	cpe:2.3:a:zope:zope:2.8.1:::::::*
	cpe:2.3:a:zope:zope:2.8.2:::::::*
	cpe:2.3:a:zope:zope:2.8.3:::::::*
	cpe:2.3:a:zope:zope:2.8.4:::::::*
	cpe:2.3:a:zope:zope:2.8.5:::::::*
	cpe:2.3:a:zope:zope:2.8.6:::::::*
	cpe:2.3:a:zope:zope:2.8.7:::::::*
	cpe:2.3:a:zope:zope:2.8.8:::::::*

History

No history.

Information

Published : 2006-09-19 18:07

Updated : 2024-02-28 11:01

NVD link : CVE-2006-4684

Mitre link : CVE-2006-4684

CVE.ORG link : CVE-2006-4684

JSON object : View

Products Affected

zope

zope

CWE

NVD-CWE-Other

{"id": "CVE-2006-4684", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-09-19T18:07:00.000", "references": [{"url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21947", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21953", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1176", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20022", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3653", "source": "cve@mitre.org"}, {"url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458."}, {"lang": "es", "value": "El m\u00f3dulo docutils en Zope (Zope2) desde 2.7.0 hasta 2.7.9 y desde 2.8.0 hasta 2.8.8 no maneja adecuadamente p\u00e1ginas web con el marcado reStructuredText (reST), lo cual permite a atacantes remotos leer ficheros de su elecci\u00f3n v\u00eda una directiva csv_table, una vulnerabilidad diferente que CVE-2006-3458."}], "lastModified": "2011-03-08T02:41:53.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF9B22D-6EF3-4364-A016-041457C4DFC0"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88153606-52FE-4C0B-88CD-B76538C19055"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0"}, {"criteria": "cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84DFC911-D226-4F8C-840A-D5F6EBBBF0CC"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "234C776B-C053-484C-ADE4-ED270064943F"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014"}, {"criteria": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2759CCE-3A1F-4E3F-9832-8BF3AA4F20F9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}