← back
CVE-2006-3458

CVE-2006-3458

EPSS 0.4%
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.htmlhttp://secunia.com/advisories/20988http://secunia.com/advisories/21025http://secunia.com/advisories/21130http://secunia.com/advisories/21459https://exchange.xforce.ibmcloud.com/vulnerabilities/27636https://usn.ubuntu.com/317-1/http://www.debian.org/security/2006/dsa-1113http://www.novell.com/linux/security/advisories/2006_19_sr.htmlhttp://www.securityfocus.com/bid/18856http://www.vupen.com/english/advisories/2006/2681http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt