CVE-2006-4684
zope2.7
EPSS 0.78%
Description
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
How to fix CVE-2006-4684
To remediate CVE-2006-4684, upgrade the affected package to one of the fixed versions listed below.
- Debian/zope2.7—upgrade to 2.7.5-2sarge2 or later
- PyPI/zope2—no fix listed
- PyPI/zope2—no fix listed
Is CVE-2006-4684 being exploited?
Low: EPSS is 0.8%, a low estimated probability of exploitation, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.7.5-2sarge2
- >= 2.7.0, <= 2.7.9
- from 0