CVE-2006-4684 Information

Description

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup which allows remote attackers to read arbitrary files via a csv_table directive a different vulnerability than CVE-2006-3458.

Reference

http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html http://secunia.com/advisories/21947 http://secunia.com/advisories/21953 http://www.debian.org/security/2006/dsa-1176 http://www.securityfocus.com/bid/20022 http://www.vupen.com/english/advisories/2006/3653 http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt