PT-2006-5469 · Zope+1 · Zope2+1

Jim Fulton

Published

2006-09-19

Updated

2022-05-01

CVE-2006-4684

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zope2 versions 2.7.0 through 2.7.9 Zope2 versions 2.8.0 through 2.8.8

Description The issue is related to the docutils module in Zope2, which does not properly handle web pages with reStructuredText (reST) markup. This allows remote attackers to read arbitrary files via a csv table directive.

Recommendations For Zope2 versions 2.7.0 through 2.7.9, update to a version that properly handles reST markup to prevent exploitation. For Zope2 versions 2.8.0 through 2.8.8, update to a version that properly handles reST markup to prevent exploitation. As a temporary workaround, consider disabling the csv table directive in the docutils module until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4684

DSA-1176-1

GHSA-HM8G-JXJJ-GFM3

PYSEC-2006-8

Affected Products

Zope2

Docutils

PT-2006-5469 · Zope+1 · Zope2+1

CVE-2006-4684

Related Identifiers

Affected Products

References · 13