FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

zope -- restructuredText "csv_table" Information Disclosure

Affected packages
2.7.0 <= zope < 2.7.9_1
2.8.0 <= zope < 2.8.8_1

Details

VuXML ID 65a8f773-4a37-11db-a4cc-000a48049292
Discovery 2006-08-21
Entry 2006-09-22
Modified 2006-12-27

Secunia reports:

A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to disclose certain information via the "csv_table" reStructuredText directive.

References

Bugtraq ID 20022
CVE Name CVE-2006-4684
URL http://secunia.com/advisories/21947/
URL http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt