cvelistv5 - cve-2006-3458

CVE-2006-3458 (GCVE-0-2006-3458)

Vulnerability from cvelistv5 – Published: 2006-07-07 23:00 – Updated: 2024-08-07 18:30

Summary

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/21025	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.zope.org/Products/Zope/Hotfix-2006-07-…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/2681	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/21130	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/21459	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2006/dsa-1113	vendor-advisoryx_refsource_DEBIAN
	http://www.securityfocus.com/bid/18856	vdb-entryx_refsource_BID
	http://secunia.com/advisories/20988	third-party-advisoryx_refsource_SECUNIA
	http://mail.zope.org/pipermail/zope-announce/2006…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/317-1/	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.592Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21025",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21025"
          },
          {
            "name": "zope-docutils-information-disclosure(27636)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
          },
          {
            "name": "ADV-2006-2681",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2681"
          },
          {
            "name": "21130",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21130"
          },
          {
            "name": "21459",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21459"
          },
          {
            "name": "SUSE-SR:2006:019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
          },
          {
            "name": "DSA-1113",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1113"
          },
          {
            "name": "18856",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18856"
          },
          {
            "name": "20988",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20988"
          },
          {
            "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
          },
          {
            "name": "USN-317-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/317-1/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21025",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21025"
        },
        {
          "name": "zope-docutils-information-disclosure(27636)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
        },
        {
          "name": "ADV-2006-2681",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2681"
        },
        {
          "name": "21130",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21130"
        },
        {
          "name": "21459",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21459"
        },
        {
          "name": "SUSE-SR:2006:019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
        },
        {
          "name": "DSA-1113",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1113"
        },
        {
          "name": "18856",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18856"
        },
        {
          "name": "20988",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20988"
        },
        {
          "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
        },
        {
          "name": "USN-317-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/317-1/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3458",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21025",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21025"
            },
            {
              "name": "zope-docutils-information-disclosure(27636)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
            },
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt",
              "refsource": "CONFIRM",
              "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
            },
            {
              "name": "ADV-2006-2681",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2681"
            },
            {
              "name": "21130",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21130"
            },
            {
              "name": "21459",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "SUSE-SR:2006:019",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "DSA-1113",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1113"
            },
            {
              "name": "18856",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18856"
            },
            {
              "name": "20988",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20988"
            },
            {
              "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
              "refsource": "MLIST",
              "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
            },
            {
              "name": "USN-317-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/317-1/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3458",
    "datePublished": "2006-07-07T23:00:00",
    "dateReserved": "2006-07-07T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.592Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E296CD1C-2601-4A63-9E9D-38A39C84BF5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FF9B22D-6EF3-4364-A016-041457C4DFC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88153606-52FE-4C0B-88CD-B76538C19055\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAA38381-4C32-4C55-8116-341028D1888A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B294E38-65FD-474D-BABC-9447EF33202A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"685805FD-1A33-480E-A313-255EDF0B5266\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D827148D-4A8A-41DB-91B6-0049706D53D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0273EF1B-BC64-432F-8966-68547DFAD6BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A52CDCE-172C-4FAC-9015-ACF362E8E8A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"234C776B-C053-484C-ADE4-ED270064943F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"244107E5-42B0-4695-BBC9-5B90AD0A1336\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93785E75-3F82-471E-B802-6337A6469AF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B34066B4-CE72-4271-9CFD-F725F7D17C89\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81028DBB-7A75-4D27-8027-947F15CAA21E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62BCE60F-9081-44D3-87FC-396D1A954626\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBA09D22-779C-4E63-B216-B931FA11E014\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EC9CB4D-3DE0-425B-9897-03C23379B5F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82D9A178-BF69-4C23-BEC8-D175FD58E10D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0279FD6-9E30-429A-BB70-9B7AF7055160\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \\\"raw\\\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.\"}, {\"lang\": \"es\", \"value\": \"Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no desabilita el comando \\\"raw\\\" cuando se mantiene a usuarios no v\\u00e1lidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a usuarios locales leer archivos de su elecci\\u00f3n.\"}]",
      "id": "CVE-2006-3458",
      "lastModified": "2024-11-21T00:13:39.530",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-07-07T23:05:00.000",
      "references": "[{\"url\": \"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20988\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21025\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21130\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21459\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-1113\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_19_sr.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18856\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2681\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/317-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21025\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21459\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2006/dsa-1113\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2006_19_sr.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18856\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2681\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/317-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3458\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-07T23:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \\\"raw\\\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.\"},{\"lang\":\"es\",\"value\":\"Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no desabilita el comando \\\"raw\\\" cuando se mantiene a usuarios no v\u00e1lidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a usuarios locales leer archivos de su elecci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E296CD1C-2601-4A63-9E9D-38A39C84BF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FF9B22D-6EF3-4364-A016-041457C4DFC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88153606-52FE-4C0B-88CD-B76538C19055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA38381-4C32-4C55-8116-341028D1888A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B294E38-65FD-474D-BABC-9447EF33202A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"685805FD-1A33-480E-A313-255EDF0B5266\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D827148D-4A8A-41DB-91B6-0049706D53D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0273EF1B-BC64-432F-8966-68547DFAD6BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A52CDCE-172C-4FAC-9015-ACF362E8E8A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234C776B-C053-484C-ADE4-ED270064943F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"244107E5-42B0-4695-BBC9-5B90AD0A1336\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93785E75-3F82-471E-B802-6337A6469AF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B34066B4-CE72-4271-9CFD-F725F7D17C89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81028DBB-7A75-4D27-8027-947F15CAA21E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62BCE60F-9081-44D3-87FC-396D1A954626\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBA09D22-779C-4E63-B216-B931FA11E014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EC9CB4D-3DE0-425B-9897-03C23379B5F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82D9A178-BF69-4C23-BEC8-D175FD58E10D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0279FD6-9E30-429A-BB70-9B7AF7055160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860\"}]}]}],\"references\":[{\"url\":\"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20988\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21025\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21130\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21459\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-1113\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_19_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18856\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2681\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/317-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21025\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21459\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-1113\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_19_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18856\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27636\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/317-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2006-3458

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3458

Aliases

CVE-2006-3458

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3458",
    "description": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.",
    "id": "GSD-2006-3458",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-3458.html",
      "https://www.debian.org/security/2006/dsa-1113"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3458"
      ],
      "details": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.",
      "id": "GSD-2006-3458",
      "modified": "2023-12-13T01:19:57.326427Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3458",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "21025",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21025"
          },
          {
            "name": "zope-docutils-information-disclosure(27636)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
          },
          {
            "name": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt",
            "refsource": "CONFIRM",
            "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
          },
          {
            "name": "ADV-2006-2681",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2681"
          },
          {
            "name": "21130",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21130"
          },
          {
            "name": "21459",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21459"
          },
          {
            "name": "SUSE-SR:2006:019",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
          },
          {
            "name": "DSA-1113",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-1113"
          },
          {
            "name": "18856",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18856"
          },
          {
            "name": "20988",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20988"
          },
          {
            "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
            "refsource": "MLIST",
            "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
          },
          {
            "name": "USN-317-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/317-1/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3458"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
            },
            {
              "name": "20988",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20988"
            },
            {
              "name": "[Zope-announce] 20060706 Serious security problem with Zope 2",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
            },
            {
              "name": "18856",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18856"
            },
            {
              "name": "21025",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21025"
            },
            {
              "name": "DSA-1113",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-1113"
            },
            {
              "name": "21130",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21130"
            },
            {
              "name": "SUSE-SR:2006:019",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
            },
            {
              "name": "21459",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21459"
            },
            {
              "name": "ADV-2006-2681",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2681"
            },
            {
              "name": "zope-docutils-information-disclosure(27636)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
            },
            {
              "name": "USN-317-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/317-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-03T21:43Z",
      "publishedDate": "2006-07-07T23:05Z"
    }
  }
}

FKIE_CVE-2006-3458

Vulnerability from fkie_nvd - Published: 2006-07-07 23:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
cve@mitre.org	http://secunia.com/advisories/20988	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21025	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21130	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/21459	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2006/dsa-1113
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_19_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/18856
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2681	Vendor Advisory
cve@mitre.org	http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
cve@mitre.org	https://usn.ubuntu.com/317-1/
af854a3a-2127-422b-91ae-364da2661108	http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20988	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21025	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21130	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21459	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-1113
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_19_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18856
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2681	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27636
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/317-1/

Impacted products

Vendor	Product	Version
zope	zope	2.7.0
zope	zope	2.7.1
zope	zope	2.7.2
zope	zope	2.7.3
zope	zope	2.7.4
zope	zope	2.7.5
zope	zope	2.7.6
zope	zope	2.7.7
zope	zope	2.7.8
zope	zope	2.8.0
zope	zope	2.8.1
zope	zope	2.8.2
zope	zope	2.8.3
zope	zope	2.8.4
zope	zope	2.8.5
zope	zope	2.8.6
zope	zope	2.8.7
zope	zope	2.9.0
zope	zope	2.9.1
zope	zope	2.9.2
zope	zope	2.9.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E296CD1C-2601-4A63-9E9D-38A39C84BF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF9B22D-6EF3-4364-A016-041457C4DFC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "88153606-52FE-4C0B-88CD-B76538C19055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA38381-4C32-4C55-8116-341028D1888A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B294E38-65FD-474D-BABC-9447EF33202A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "685805FD-1A33-480E-A313-255EDF0B5266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D827148D-4A8A-41DB-91B6-0049706D53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0273EF1B-BC64-432F-8966-68547DFAD6BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.7.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A52CDCE-172C-4FAC-9015-ACF362E8E8A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "234C776B-C053-484C-ADE4-ED270064943F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "244107E5-42B0-4695-BBC9-5B90AD0A1336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93785E75-3F82-471E-B802-6337A6469AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34066B4-CE72-4271-9CFD-F725F7D17C89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A40B0D1-1812-4BC7-AC7D-CCE6184A9DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "81028DBB-7A75-4D27-8027-947F15CAA21E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BCE60F-9081-44D3-87FC-396D1A954626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA09D22-779C-4E63-B216-B931FA11E014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC9CB4D-3DE0-425B-9897-03C23379B5F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D9A178-BF69-4C23-BEC8-D175FD58E10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0279FD6-9E30-429A-BB70-9B7AF7055160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zope:2.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E8ABCF-A7BE-4AB7-BFE9-CF29F7E02860",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files."
    },
    {
      "lang": "es",
      "value": "Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no desabilita el comando \"raw\" cuando se mantiene a usuarios no v\u00e1lidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a usuarios locales leer archivos de su elecci\u00f3n."
    }
  ],
  "id": "CVE-2006-3458",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-07T23:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20988"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21130"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18856"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/317-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/317-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-304

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Une vulnérabilité présente sur Zope peut être exploitée par un utilisateur mal intentionné pour accéder à des pages non autorisées sur le serveur. Cette vulnérabilité ne peut être exploitée que par un utilisateur ayant les privilèges d'éditer des pages en mode « restructured text ».

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Zope versions 2.x antérieures à la version 2.7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian	None	vendor-advisory
Bulletin de sécurité FreeBSD du 14 juillet 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eZope versions 2.x ant\u00e9rieures \u00e0 la  version 2.7.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente sur Zope peut \u00eatre exploit\u00e9e par un\nutilisateur mal intentionn\u00e9 pour acc\u00e9der \u00e0 des pages non autoris\u00e9es sur\nle serveur. Cette vuln\u00e9rabilit\u00e9 ne peut \u00eatre exploit\u00e9e que par un\nutilisateur ayant les privil\u00e8ges d\u0027\u00e9diter des pages en mode \u00ab\nrestructured text \u00bb.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3458"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 14 juillet 2006 :",
      "url": "http://www.vuxml.org/freebsd/"
    }
  ],
  "reference": "CERTA-2006-AVI-304",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2006-07-20T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2006-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 sur zope",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    }
  ]
}

CERTA-2006-AVI-304

Vulnerability from certfr_avis - Published: - Updated:

None

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Zope versions 2.x antérieures à la version 2.7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian	None	vendor-advisory
Bulletin de sécurité FreeBSD du 14 juillet 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eZope versions 2.x ant\u00e9rieures \u00e0 la  version 2.7.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente sur Zope peut \u00eatre exploit\u00e9e par un\nutilisateur mal intentionn\u00e9 pour acc\u00e9der \u00e0 des pages non autoris\u00e9es sur\nle serveur. Cette vuln\u00e9rabilit\u00e9 ne peut \u00eatre exploit\u00e9e que par un\nutilisateur ayant les privil\u00e8ges d\u0027\u00e9diter des pages en mode \u00ab\nrestructured text \u00bb.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3458"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 14 juillet 2006 :",
      "url": "http://www.vuxml.org/freebsd/"
    }
  ],
  "reference": "CERTA-2006-AVI-304",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2006-07-20T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2006-07-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 sur zope",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    }
  ]
}

PYSEC-2006-7

Vulnerability from pysec - Published: 2006-07-07 23:05 - Updated: 2024-11-21 14:23

Details

Impacted products

Name	purl
zope2	pkg:pypi/zope2

Aliases

CVE-2006-3458

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "zope2",
        "purl": "pkg:pypi/zope2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.12.0",
        "2.12.0.a1",
        "2.12.0a2",
        "2.12.0a3",
        "2.12.0a4",
        "2.12.0b1",
        "2.12.0b2",
        "2.12.0b3",
        "2.12.0b4",
        "2.12.0c1",
        "2.12.1",
        "2.12.10",
        "2.12.11",
        "2.12.12",
        "2.12.13",
        "2.12.14",
        "2.12.15",
        "2.12.16",
        "2.12.17",
        "2.12.18",
        "2.12.19",
        "2.12.2",
        "2.12.20",
        "2.12.21",
        "2.12.22",
        "2.12.23",
        "2.12.24",
        "2.12.25",
        "2.12.26",
        "2.12.27",
        "2.12.28",
        "2.12.3",
        "2.12.4",
        "2.12.5",
        "2.12.6",
        "2.12.7",
        "2.12.8",
        "2.12.9",
        "2.13.0",
        "2.13.0a1",
        "2.13.0a2",
        "2.13.0a3",
        "2.13.0a4",
        "2.13.0b1",
        "2.13.0c1",
        "2.13.1",
        "2.13.10",
        "2.13.11",
        "2.13.12",
        "2.13.13",
        "2.13.14",
        "2.13.15",
        "2.13.16",
        "2.13.17",
        "2.13.18",
        "2.13.19",
        "2.13.2",
        "2.13.20",
        "2.13.21",
        "2.13.22",
        "2.13.23",
        "2.13.24",
        "2.13.25",
        "2.13.26",
        "2.13.27",
        "2.13.28",
        "2.13.29",
        "2.13.3",
        "2.13.30",
        "2.13.4",
        "2.13.5",
        "2.13.6",
        "2.13.7",
        "2.13.8",
        "2.13.9",
        "4.0",
        "4.0a1",
        "4.0a2",
        "4.0a3",
        "4.0a4",
        "4.0a5",
        "4.0a6",
        "4.0b1"
      ]
    }
  ],
  "aliases": [
    "CVE-2006-3458"
  ],
  "details": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.",
  "id": "PYSEC-2006-7",
  "modified": "2024-11-21T14:23:03.576588Z",
  "published": "2006-07-07T23:05:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/20988"
    },
    {
      "type": "WEB",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18856"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/21025"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/21130"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/21459"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.vupen.com/english/advisories/2006/2681"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/317-1/"
    }
  ],
  "withdrawn": "2024-11-22T04:37:05Z"
}

GHSA-JCJP-QQPQ-PC54

Vulnerability from github – Published: 2022-05-01 07:09 – Updated: 2024-11-21 22:13

Summary

Zope allows local users to read arbitrary files

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Zope2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.7.0"
            },
            {
              "fixed": "2.7.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Zope2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.8.0"
            },
            {
              "fixed": "2.8.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Zope2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.9.0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2006-3458"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-21T22:13:08Z",
    "nvd_published_at": "2006-07-07T23:05:00Z",
    "severity": "LOW"
  },
  "details": "Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the \"raw\" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.",
  "id": "GHSA-jcjp-qqpq-pc54",
  "modified": "2024-11-21T22:13:08Z",
  "published": "2022-05-01T07:09:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3458"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/zope2/PYSEC-2006-7.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/zopefoundation/Zope"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/317-1"
    },
    {
      "type": "WEB",
      "url": "http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-1113"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_19_sr.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Zope allows local users to read arbitrary files"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3458 (GCVE-0-2006-3458)

GSD-2006-3458

FKIE_CVE-2006-3458

CERTA-2006-AVI-304

Description

Solution

CERTA-2006-AVI-304

Description

Solution

PYSEC-2006-7

GHSA-JCJP-QQPQ-PC54

Tags

Sightings

Nomenclature