Detections
Analytics
CVE-2006-3458
medium
Description
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
http://www.vupen.com/english/advisories/2006/2681
http://www.securityfocus.com/bid/18856
http://www.novell.com/linux/security/advisories/2006_19_sr.html
http://www.debian.org/security/2006/dsa-1113
http://secunia.com/advisories/21459
http://secunia.com/advisories/21130
http://secunia.com/advisories/21025
http://secunia.com/advisories/20988
http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html