CVE-2006-4684

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt	Patch
http://www.debian.org/security/2006/dsa-1176	Patch Vendor Advisory
http://secunia.com/advisories/21947	Patch Vendor Advisory
http://secunia.com/advisories/21953	Patch Vendor Advisory
http://www.securityfocus.com/bid/20022
http://www.vupen.com/english/advisories/2006/3653

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:zope:zope:2.7.5:::::::*
	cpe:2.3:a:zope:zope:2.7.6:::::::*
	cpe:2.3:a:zope:zope:2.8.3:::::::*
	cpe:2.3:a:zope:zope:2.8.4:::::::*
	cpe:2.3:a:zope:zope:2.7.7:::::::*
	cpe:2.3:a:zope:zope:2.7.8:::::::*
	cpe:2.3:a:zope:zope:2.8.5:::::::*
	cpe:2.3:a:zope:zope:2.8.6:::::::*
	cpe:2.3:a:zope:zope:2.7.0:::::::*
	cpe:2.3:a:zope:zope:2.7.1:::::::*
	cpe:2.3:a:zope:zope:2.7.9:::::::*
	cpe:2.3:a:zope:zope:2.8.0:::::::*
	cpe:2.3:a:zope:zope:2.8.8:::::::*
	cpe:2.3:a:zope:zope:2.7.3:::::::*
	cpe:2.3:a:zope:zope:2.8.2:::::::*
	cpe:2.3:a:zope:zope:2.7.4:::::::*
	cpe:2.3:a:zope:zope:2.7.2:::::::*
	cpe:2.3:a:zope:zope:2.8.1:::::::*
	cpe:2.3:a:zope:zope:2.8.7:::::::*

Information

Published : 2006-09-19 11:07

Updated : 2011-03-07 18:41

NVD link : CVE-2006-4684

Mitre link : CVE-2006-4684

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

zope

zope

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html", "name": "[Zope-Annce] 20060821 Hotfix for Further reST Integration Issue", "tags": [], "refsource": "MLIST"}, {"url": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt", "name": "http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2006/dsa-1176", "name": "DSA-1176", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/21947", "name": "21947", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21953", "name": "21953", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/20022", "name": "20022", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/3653", "name": "ADV-2006-3653", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4684", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-09-19T18:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:41Z"}