CVE-2006-3458

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the raw command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Affected Software

Name	Vendor	Start Version	End Version
Zope	Zope	2.7.0 (including)	2.7.0 (including)
Zope	Zope	2.7.1 (including)	2.7.1 (including)
Zope	Zope	2.7.2 (including)	2.7.2 (including)
Zope	Zope	2.7.3 (including)	2.7.3 (including)
Zope	Zope	2.7.4 (including)	2.7.4 (including)
Zope	Zope	2.7.5 (including)	2.7.5 (including)
Zope	Zope	2.7.6 (including)	2.7.6 (including)
Zope	Zope	2.7.7 (including)	2.7.7 (including)
Zope	Zope	2.7.8 (including)	2.7.8 (including)
Zope	Zope	2.8.0 (including)	2.8.0 (including)
Zope	Zope	2.8.1 (including)	2.8.1 (including)
Zope	Zope	2.8.2 (including)	2.8.2 (including)
Zope	Zope	2.8.3 (including)	2.8.3 (including)
Zope	Zope	2.8.4 (including)	2.8.4 (including)
Zope	Zope	2.8.5 (including)	2.8.5 (including)
Zope	Zope	2.8.6 (including)	2.8.6 (including)
Zope	Zope	2.8.7 (including)	2.8.7 (including)
Zope	Zope	2.9.0 (including)	2.9.0 (including)
Zope	Zope	2.9.1 (including)	2.9.1 (including)
Zope	Zope	2.9.2 (including)	2.9.2 (including)
Zope	Zope	2.9.3 (including)	2.9.3 (including)
Zope2.10	Ubuntu	devel	*
Zope2.9	Ubuntu	dapper	*
Zope2.9	Ubuntu	devel	*
Zope2.9	Ubuntu	edgy	*
Zope2.9	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3458
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References