CVE-2006-4684

Name of the Vulnerable Software and Affected Versions Zope2 versions 2.7.0 through 2.7.9 Zope2 versions 2.8.0 through 2.8.8

Description The issue is related to the docutils module in Zope2, which does not properly handle web pages with reStructuredText (reST) markup. This allows remote attackers to read arbitrary files via a csv table directive.

Recommendations For Zope2 versions 2.7.0 through 2.7.9, update to a version that properly handles reST markup to prevent exploitation. For Zope2 versions 2.8.0 through 2.8.8, update to a version that properly handles reST markup to prevent exploitation. As a temporary workaround, consider disabling the csv table directive in the docutils module until a patch is available.