CVE Vulnerabilities

CVE-2006-3458

Published: Jul 07, 2006 | Modified: Oct 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the raw command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Affected Software

Name Vendor Start Version End Version
Zope Zope 2.7.0 2.7.0
Zope Zope 2.7.1 2.7.1
Zope Zope 2.7.2 2.7.2
Zope Zope 2.7.3 2.7.3
Zope Zope 2.7.4 2.7.4
Zope Zope 2.7.5 2.7.5
Zope Zope 2.7.6 2.7.6
Zope Zope 2.7.7 2.7.7
Zope Zope 2.7.8 2.7.8
Zope Zope 2.8.0 2.8.0
Zope Zope 2.8.1 2.8.1
Zope Zope 2.8.2 2.8.2
Zope Zope 2.8.3 2.8.3
Zope Zope 2.8.4 2.8.4
Zope Zope 2.8.5 2.8.5
Zope Zope 2.8.6 2.8.6
Zope Zope 2.8.7 2.8.7
Zope Zope 2.9.0 2.9.0
Zope Zope 2.9.1 2.9.1
Zope Zope 2.9.2 2.9.2
Zope Zope 2.9.3 2.9.3
Zope2.10 Ubuntu devel *
Zope2.9 Ubuntu dapper *
Zope2.9 Ubuntu devel *
Zope2.9 Ubuntu edgy *
Zope2.9 Ubuntu feisty *

References