CVE-2006-4684
First published: Tue Sep 19 2006(Updated: )
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| pip/zope2 | >=2.8.0<2.8.9 | 2.8.9 |
| pip/zope2 | >=2.7.0<=2.7.9 | |
| Zope ZODB | =2.7.0 | |
| Zope ZODB | =2.7.1 | |
| Zope ZODB | =2.7.2 | |
| Zope ZODB | =2.7.3 | |
| Zope ZODB | =2.7.4 | |
| Zope ZODB | =2.7.5 | |
| Zope ZODB | =2.7.6 | |
| Zope ZODB | =2.7.7 | |
| Zope ZODB | =2.7.8 | |
| Zope ZODB | =2.7.9 | |
| Zope ZODB | =2.8.0 | |
| Zope ZODB | =2.8.1 | |
| Zope ZODB | =2.8.2 | |
| Zope ZODB | =2.8.3 | |
| Zope ZODB | =2.8.4 | |
| Zope ZODB | =2.8.5 | |
| Zope ZODB | =2.8.6 | |
| Zope ZODB | =2.8.7 | |
| Zope ZODB | =2.8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
- http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
- http://www.debian.org/security/2006/dsa-1176
- http://secunia.com/advisories/21947
- http://secunia.com/advisories/21953
- http://www.securityfocus.com/bid/20022
- http://www.vupen.com/english/advisories/2006/3653
- https://nvd.nist.gov/vuln/detail/CVE-2006-4684
- https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-8.yaml
- https://github.com/advisories/GHSA-hm8g-jxjj-gfm3 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2006-4684?
CVE-2006-4684 has a moderate severity level as it allows remote attackers to read arbitrary files.
How do I fix CVE-2006-4684?
To fix CVE-2006-4684, you should upgrade to Zope version 2.8.9 or later.
Which versions of Zope are affected by CVE-2006-4684?
CVE-2006-4684 affects Zope versions 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8.
Can CVE-2006-4684 lead to data exposure?
Yes, CVE-2006-4684 can lead to data exposure as it allows attackers to access arbitrary files on the server.
What is the exploit method for CVE-2006-4684?
The exploit method for CVE-2006-4684 involves using the csv_table directive in web pages with reStructuredText markup.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-hm8g-jxjj-gfm3
- alias/CVE-2006-4684
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/github-advisory
- agent/author
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/pip
- vendor/zope
- canonical/zope zodb
- version/zope zodb/2.7.0
- version/zope zodb/2.7.1
- version/zope zodb/2.7.2
- version/zope zodb/2.7.3
- version/zope zodb/2.7.4
- version/zope zodb/2.7.5
- version/zope zodb/2.7.6
- version/zope zodb/2.7.7
- version/zope zodb/2.7.8
- version/zope zodb/2.7.9
- version/zope zodb/2.8.0
- version/zope zodb/2.8.1
- version/zope zodb/2.8.2
- version/zope zodb/2.8.3
- version/zope zodb/2.8.4
- version/zope zodb/2.8.5
- version/zope zodb/2.8.6
- version/zope zodb/2.8.7
- version/zope zodb/2.8.8