Vulnerability Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zope | Zope | 2.7.0 |
References
- http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
- http://secunia.com/advisories/20988Vendor Advisory
- http://secunia.com/advisories/21025Vendor Advisory
- http://secunia.com/advisories/21130Vendor Advisory
- http://secunia.com/advisories/21459Vendor Advisory
- http://www.debian.org/security/2006/dsa-1113
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://www.securityfocus.com/bid/18856
- http://www.vupen.com/english/advisories/2006/2681Vendor Advisory
- http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
- https://usn.ubuntu.com/317-1/
- http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
- http://secunia.com/advisories/20988Vendor Advisory
- http://secunia.com/advisories/21025Vendor Advisory
FAQ
What is CVE-2006-3458?
CVE-2006-3458 is a vulnerability with a CVSS score of 2.1 (LOW). Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils,...
How severe is CVE-2006-3458?
CVE-2006-3458 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3458?
Check the references section above for vendor advisories and patch information. Affected products include: Zope Zope.