← voltar
CVE-2006-3458

CVE-2006-3458

EPSS 0.4%
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.htmlhttp://secunia.com/advisories/20988http://secunia.com/advisories/21025http://secunia.com/advisories/21130http://secunia.com/advisories/21459https://exchange.xforce.ibmcloud.com/vulnerabilities/27636https://usn.ubuntu.com/317-1/http://www.debian.org/security/2006/dsa-1113http://www.novell.com/linux/security/advisories/2006_19_sr.htmlhttp://www.securityfocus.com/bid/18856http://www.vupen.com/english/advisories/2006/2681http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt