Vulnerabilities > CVE-2006-4684 - Information Disclosure vulnerability in Zope CSV_Table
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Zope
| 19 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1176.NASL description It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. last seen 2020-06-01 modified 2020-06-02 plugin id 22718 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22718 title Debian DSA-1176-1 : zope2.7 - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1176. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22718); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-4684"); script_xref(name:"DSA", value:"1176"); script_name(english:"Debian DSA-1176-1 : zope2.7 - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1176" ); script_set_attribute( attribute:"solution", value: "Upgrade the Zope package. For the stable distribution (sarge) this problem has been fixed in version 2.7.5-2sarge2." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zope2.7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"zope2.7", reference:"2.7.5-2sarge3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_65A8F7734A3711DBA4CC000A48049292.NASL description Secunia reports : A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render last seen 2020-06-01 modified 2020-06-02 plugin id 22454 published 2006-09-27 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22454 title FreeBSD : zope -- restructuredText 'csv_table' Information Disclosure (65a8f773-4a37-11db-a4cc-000a48049292)
References
- http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html
- http://secunia.com/advisories/21947
- http://secunia.com/advisories/21953
- http://www.debian.org/security/2006/dsa-1176
- http://www.securityfocus.com/bid/20022
- http://www.vupen.com/english/advisories/2006/3653
- http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt