The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
References
Link | Resource |
---|---|
http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html | |
http://secunia.com/advisories/21947 | Patch Vendor Advisory |
http://secunia.com/advisories/21953 | Patch Vendor Advisory |
http://www.debian.org/security/2006/dsa-1176 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/20022 | |
http://www.vupen.com/english/advisories/2006/3653 | |
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt | Patch |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-09-19 18:07
Updated : 2024-02-28 11:01
NVD link : CVE-2006-4684
Mitre link : CVE-2006-4684
CVE.ORG link : CVE-2006-4684
JSON object : View
Products Affected
zope
- zope
CWE