
CVE-2006-3458: Zope allows local users to read arbitrary files

CVSS Score: 2.1

Basic Information

EPSS Score: 0.29162%
CWE: -
Published: 5/1/2022
Updated: 11/21/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector (v2): AV:L/AC:L/Au:N/C:P/I:N/A:N

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
Zope2          pip         >= 2.7.0, < 2.7.8     2.7.8
Zope2          pip         >= 2.8.0, < 2.8.7     2.8.7
Zope2          pip         >= 2.9.0, < 2.9.3     2.9.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from Zope's integration of docutils' reStructuredText parser without disabling the "raw" directive. In docutils, a block such as `.. raw:: html` with a `:file:` (or `:url:`) option inserts the named resource verbatim into the rendered output, so anyone who can submit rST that Zope renders can make the Zope process open any file it has permission to read and return the contents in the page. Docutils exposes two settings that govern this: `raw_enabled`, which refuses the directive entirely, and `file_insertion_enabled`, which refuses the `:file:`/`:url:` options of both `raw` and `include`. The security fix explicitly disabled the "raw" directive, which is why the directive is treated as the entry point here. The `restructuredtext` transform function in Products/PortalTransforms would be the code that invokes docutils' parser, but that path is inferred from Zope's transform architecture and typical docutils integration patterns rather than taken from the fix; Products.PortalTransforms is a Plone/CMF add-on rather than part of Zope 2 itself, so treat the location as unconfirmed. "Local users" in the CVE text should be read as users who can supply rST to the instance: the file read happens with the privileges of the Zope process, not of the submitting user.
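The following is an added example, not code from the original page, from Zope or from Miggo. It reproduces the bug class described above directly against docutils: the same `raw` directive with a `:file:` option is rendered once with docutils' defaults (the directive enabled, as the vulnerable Zope releases left it) and once with the two settings that close the hole. The file `secret.conf`, its contents and the source name `untrusted.rst` are constructed for the demo; `raw_enabled`, `file_insertion_enabled`, `_disable_config` and `warning_stream` are docutils' own runtime settings.

```python
"""Added example: docutils' "raw" directive as a file-read primitive.

Not Zope's or Miggo's code. Reproduces the class of bug in CVE-2006-3458
against docutils itself. The secret file, its contents and the source
name "untrusted.rst" are constructed for the demo.
"""
import io
import os
import tempfile

from docutils.core import publish_parts

# Hardened settings. raw_enabled=False refuses the directive outright;
# file_insertion_enabled=False additionally refuses the :file:/:url:
# options of "raw" and "include", so re-enabling raw later for inline
# markup still cannot turn into a file read.
HARDENED_SETTINGS = {
    "raw_enabled": False,
    "file_insertion_enabled": False,
    "_disable_config": True,          # ignore any docutils.conf on the host
    "warning_stream": io.StringIO(),  # keep docutils warnings off stderr
}

# Weak settings: docutils' defaults, which is what an integration gets when
# it hands untrusted rST to the parser without overriding anything.
WEAK_SETTINGS = {
    "_disable_config": True,
    "warning_stream": io.StringIO(),
}


def untrusted_rst(target_path: str) -> str:
    """Constructed attacker input: a raw/html block whose body is a file."""
    return f".. raw:: html\n   :file: {target_path}\n"


def render(rst_source: str, settings: dict) -> str:
    """Render rST to an HTML body fragment under the given docutils settings."""
    parts = publish_parts(
        rst_source,
        source_path="untrusted.rst",  # base directory for relative :file: paths
        writer_name="html",
        settings_overrides=settings,
    )
    return parts["body"]


def demo() -> dict:
    """Render the same payload both ways and report what each output contained."""
    secret = "db_password=correct-horse-battery-staple"  # constructed secret
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(secret + "\n")
        payload = untrusted_rst(path)
        weak = render(payload, WEAK_SETTINGS)
        hardened = render(payload, HARDENED_SETTINGS)
    # Hardening must not break ordinary markup.
    benign = render("Hello *world*\n", HARDENED_SETTINGS)
    return {
        "weak_leaks_file": secret in weak,
        "hardened_leaks_file": secret in hardened,
        "hardened_reports_disabled": "directive disabled" in hardened,
        "hardened_still_renders_markup": "<em>world</em>" in benign,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With docutils installed, the weak rendering returns the secret inside the HTML body, while the hardened rendering returns a docutils system message stating that the directive is disabled and nothing from the file. Both overrides are worth setting even when only `raw` is the immediate concern: `file_insertion_enabled` also covers `include`, and leaving it on means the first person to re-enable `raw` for inline HTML reopens the file read. readme_renderer, which renders project descriptions for PyPI, applies the same pair of overrides.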


Description (CVE text)

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
