Vulnerability Details : CVE-2006-4684
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Products affected by CVE-2006-4684
- cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zope:2.8.8:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4684
0.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4684
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2006-4684
-
http://www.vupen.com/english/advisories/2006/3653
Site en construction
-
http://www.securityfocus.com/bid/20022
-
http://www.debian.org/security/2006/dsa-1176
[SECURITY] [DSA 1176-1] New zope2.7 packages fix information disclosurePatch;Vendor Advisory
-
http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt
404 Not FoundPatch
-
http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
[Zope-Annce] Hotfix for Further reST Integration Issue
Jump to