Lucene search
HistorySep 19, 2006 - 6:07 p.m.
CVE-2006-4684
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.009
Percentile
83.2%
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Affected configurations
Node
zopezopeMatch2.7.0
ORzopezopeMatch2.7.1
ORzopezopeMatch2.7.2
ORzopezopeMatch2.7.3
ORzopezopeMatch2.7.4
ORzopezopeMatch2.7.5
ORzopezopeMatch2.7.6
ORzopezopeMatch2.7.7
ORzopezopeMatch2.7.8
ORzopezopeMatch2.7.9
ORzopezopeMatch2.8.0
ORzopezopeMatch2.8.1
ORzopezopeMatch2.8.2
ORzopezopeMatch2.8.3
ORzopezopeMatch2.8.4
ORzopezopeMatch2.8.5
ORzopezopeMatch2.8.6
ORzopezopeMatch2.8.7
ORzopezopeMatch2.8.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zope | zope | 2.7.0 | cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:* |
| zope | zope | 2.7.1 | cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:* |
| zope | zope | 2.7.2 | cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:* |
| zope | zope | 2.7.3 | cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:* |
| zope | zope | 2.7.4 | cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:* |
| zope | zope | 2.7.5 | cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:* |
| zope | zope | 2.7.6 | cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:* |
| zope | zope | 2.7.7 | cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:* |
| zope | zope | 2.7.8 | cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:* |
| zope | zope | 2.7.9 | cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:* |
References
Related
ubuntucve
ubuntucve
cvelist
cvelist
cve
cve
openvas
openvas
FreeBSD Ports: zope
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1176-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1176-1 (zope2.7)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1176-1] New zope2.7 packages fix information disclosure
2006-09-13 20:31:26
[SECURITY] [DSA 1113-1] New zope2.7 packages fix information disclosure
2006-07-18 21:22:08
securityvulns
securityvulns
[SECURITY] [DSA 1176-1] New zope2.7 packages fix information disclosure
2006-09-14 00:00:00
nessus
nessus
freebsd
freebsd
zope -- restructuredText "csv_table" Information Disclosure
2006-08-21 00:00:00
zope -- information disclosure vulnerability
2006-07-05 00:00:00
ubuntu
ubuntu
zope2.8 vulnerability
2006-07-13 00:00:00
nvd
nvd
CVE-2006-3458
2006-07-07 23:05:00
CVE-2006-3695
2006-07-21 14:03:00
osv
osv
zope2.7 - programming error
2006-07-18 00:00:00
PYSEC-2006-2
2006-07-21 14:03:00
github
github
Trac reStructuredText breach of privacy and denial of service vulnerability
2022-05-01 07:11:38
debiancve
debiancve
CVE-2006-3695
2006-07-21 14:03:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.009
Percentile
83.2%
Related for NVD:CVE-2006-4684