CVE-2006-4684
First published: Tue Sep 19 2006(Updated: )
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zope Zope | =2.8.0 | |
| Zope Zope | =2.8.8 | |
| Zope Zope | =2.7.0 | |
| Zope Zope | =2.7.6 | |
| Zope Zope | =2.7.5 | |
| Zope Zope | =2.7.3 | |
| Zope Zope | =2.8.5 | |
| Zope Zope | =2.8.2 | |
| Zope Zope | =2.8.6 | |
| Zope Zope | =2.7.4 | |
| Zope Zope | =2.7.9 | |
| Zope Zope | =2.8.3 | |
| Zope Zope | =2.7.1 | |
| Zope Zope | =2.7.2 | |
| Zope Zope | =2.8.1 | |
| Zope Zope | =2.8.4 | |
| Zope Zope | =2.7.8 | |
| Zope Zope | =2.7.7 | |
| Zope Zope | =2.8.7 | |
| pip/zope2 | >=2.8.0<2.8.9 | 2.8.9 |
| pip/zope2 | >=2.7.0<=2.7.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
- http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
- http://www.debian.org/security/2006/dsa-1176
- http://secunia.com/advisories/21947
- http://secunia.com/advisories/21953
- http://www.securityfocus.com/bid/20022
- http://www.vupen.com/english/advisories/2006/3653
- https://nvd.nist.gov/vuln/detail/CVE-2006-4684
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml
- https://github.com/advisories/GHSA-hm8g-jxjj-gfm3 (Advisory)
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hm8g-jxjj-gfm3
- alias/CVE-2006-4684
- agent/software-canonical-lookup
- vendor/zope
- canonical/zope zope
- version/zope zope/2.8.0
- version/zope zope/2.8.8
- version/zope zope/2.7.0
- version/zope zope/2.7.6
- version/zope zope/2.7.5
- version/zope zope/2.7.3
- version/zope zope/2.8.5
- version/zope zope/2.8.2
- version/zope zope/2.8.6
- version/zope zope/2.7.4
- version/zope zope/2.7.9
- version/zope zope/2.8.3
- version/zope zope/2.7.1
- version/zope zope/2.7.2
- version/zope zope/2.8.1
- version/zope zope/2.8.4
- version/zope zope/2.7.8
- version/zope zope/2.7.7
- version/zope zope/2.8.7
- package-manager/pip