Description

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.

Remediation

References

CVE-2006-3458

Related Vulnerabilities

Oracle Application Server CVE-2008-0349 Vulnerability (CVE-2008-0349)

WebLogic CVE-2016-3551 Vulnerability (CVE-2016-3551)

WordPress Plugin Zlick Paywall Security Bypass (2.2.1)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-13258)

Oracle JRE CVE-2019-2999 Vulnerability (CVE-2019-2999)

Severity

Low

Classification

CVE-2006-3458

Tags

Missing Update Known Vulnerabilities