CVE-2006-4684

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

Published: Sep 19, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4684
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
zope / zope	2.8.0	2.8.0.x
zope / zope	2.8.8	2.8.8.x
zope / zope	2.7.0	2.7.0.x
zope / zope	2.7.6	2.7.6.x
zope / zope	2.7.5	2.7.5.x
zope / zope	2.7.3	2.7.3.x
zope / zope	2.8.5	2.8.5.x
zope / zope	2.8.2	2.8.2.x
zope / zope	2.8.6	2.8.6.x
zope / zope	2.7.4	2.7.4.x
zope / zope	2.7.9	2.7.9.x
zope / zope	2.8.3	2.8.3.x
zope / zope	2.7.1	2.7.1.x
zope / zope	2.7.2	2.7.2.x
zope / zope	2.8.1	2.8.1.x
zope / zope	2.8.4	2.8.4.x
zope / zope	2.7.8	2.7.8.x
zope / zope	2.7.7	2.7.7.x
zope / zope	2.8.7	2.8.7.x

http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
http://secunia.com/advisories/21947
http://secunia.com/advisories/21953
http://www.debian.org/security/2006/dsa-1176
http://www.securityfocus.com/bid/20022
http://www.vupen.com/english/advisories/2006/3653
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt

Vulnerability Database

289,784

CVE-2006-4684