CVE-2006-3458
6 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the “raw” command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
References
mail.zope.org/pipermail/zope-announce/2006-July/001984.html
secunia.com/advisories/20988
secunia.com/advisories/21025
secunia.com/advisories/21130
secunia.com/advisories/21459
www.debian.org/security/2006/dsa-1113
www.novell.com/linux/security/advisories/2006_19_sr.html
www.securityfocus.com/bid/18856
www.vupen.com/english/advisories/2006/2681
www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/README.txt
exchange.xforce.ibmcloud.com/vulnerabilities/27636
usn.ubuntu.com/317-1/
Related
6 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.3%