CVE-2006-3458
First published: Fri Jul 07 2006(Updated: )
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zope Zope | =2.8.0 | |
| Zope Zope | =2.7.0 | |
| Zope Zope | =2.9.2 | |
| Zope Zope | =2.7.6 | |
| Zope Zope | =2.7.5 | |
| Zope Zope | =2.9.1 | |
| Zope Zope | =2.7.3 | |
| Zope Zope | =2.9.0 | |
| Zope Zope | =2.8.5 | |
| Zope Zope | =2.8.2 | |
| Zope Zope | =2.8.6 | |
| Zope Zope | =2.7.4 | |
| Zope Zope | =2.8.3 | |
| Zope Zope | =2.7.1 | |
| Zope Zope | =2.7.2 | |
| Zope Zope | =2.9.3 | |
| Zope Zope | =2.8.1 | |
| Zope Zope | =2.8.4 | |
| Zope Zope | =2.7.8 | |
| Zope Zope | =2.7.7 | |
| Zope Zope | =2.8.7 | |
| pip/Zope2 | >=2.9.0<2.9.3 | 2.9.3 |
| pip/Zope2 | >=2.8.0<2.8.7 | 2.8.7 |
| pip/Zope2 | >=2.7.0<2.7.8 | 2.7.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
- http://secunia.com/advisories/20988
- http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
- http://www.securityfocus.com/bid/18856
- http://secunia.com/advisories/21025
- http://www.debian.org/security/2006/dsa-1113
- http://secunia.com/advisories/21130
- http://www.novell.com/linux/security/advisories/2006_19_sr.html
- http://secunia.com/advisories/21459
- http://www.vupen.com/english/advisories/2006/2681
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
- https://usn.ubuntu.com/317-1/
- https://nvd.nist.gov/vuln/detail/CVE-2006-3458
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml
- https://usn.ubuntu.com/317-1
- https://github.com/advisories/GHSA-jcjp-qqpq-pc54 (Advisory)
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jcjp-qqpq-pc54
- alias/CVE-2006-3458
- agent/software-canonical-lookup
- vendor/zope
- canonical/zope zope
- version/zope zope/2.8.0
- version/zope zope/2.7.0
- version/zope zope/2.9.2
- version/zope zope/2.7.6
- version/zope zope/2.7.5
- version/zope zope/2.9.1
- version/zope zope/2.7.3
- version/zope zope/2.9.0
- version/zope zope/2.8.5
- version/zope zope/2.8.2
- version/zope zope/2.8.6
- version/zope zope/2.7.4
- version/zope zope/2.8.3
- version/zope zope/2.7.1
- version/zope zope/2.7.2
- version/zope zope/2.9.3
- version/zope zope/2.8.1
- version/zope zope/2.8.4
- version/zope zope/2.7.8
- version/zope zope/2.7.7
- version/zope zope/2.8.7
- package-manager/pip