CVE-2006-4684: Zope allows remote attackers to read arbitrary files

CVSS Score: 5

Basic Information

EPSS Score: 0.71308%
CWE: -
Published: 5/1/2022
Updated: 11/21/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
zope2          pip         >= 2.7.0, <= 2.7.9    -
zope2          pip         >= 2.8.0, < 2.8.9     2.8.9

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from Zope's integration of docutils' reST parser, which included the csv_table directive. That directive embeds the contents of a CSV file named in its 'file' parameter, and Zope did not restrict which paths could be named, so a remote attacker able to submit reST markup could traverse directories and have the server read arbitrary files. The high-confidence entry point is docutils' CSVTable.run method, which performs the file read. The medium-confidence entry point reflects Zope's failure to disable or sanitize this directive in its reST processing layer; the exact Zope-side function is not named in the available sources. The fix disabled the directive entirely, confirming its role in the exploit.
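Added example (not Zope's or docutils' own code): the same untrusted reST document rendered once with docutils' default settings and once with file insertion disabled, which is docutils' own switch for the csv-table ':file:' behaviour described above (written csv_table in the analysis). It assumes docutils is installed and uses only its public publish_parts API; the document, the secret.csv file and the 'hunter2' value are constructed for the demonstration.

```python
import os
import tempfile
from docutils.core import publish_parts

# Constructed untrusted input: a csv-table directive whose :file: option
# points at a file on the rendering host (the CVE-2006-4684 pattern).
UNTRUSTED_REST = """\
Quarterly numbers
=================

.. csv-table:: imported data
   :file: secret.csv
"""

# Settings that stop docutils from touching the filesystem or network.
HARDENED = {
    'file_insertion_enabled': False,  # :file:/:url: on csv-table, include, raw
    'raw_enabled': False,             # disable the raw directive entirely
    'report_level': 2,                # keep the refusal warning in the output
    'halt_level': 5,                  # never abort rendering on a system message
}

def render(rest_text, source_path, overrides=None):
    """Render reST to an HTML fragment; source_path anchors relative :file: paths."""
    settings = {'halt_level': 5, 'report_level': 2}
    settings.update(overrides or {})
    parts = publish_parts(rest_text, source_path=source_path,
                          writer_name='html', settings_overrides=settings)
    return parts['body']

def demo():
    """Render the untrusted document with default and hardened settings.

    Returns (default_html, hardened_html). Only the default rendering
    discloses the constructed secret.csv placed beside the document.
    """
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, 'secret.csv'), 'w', encoding='utf-8') as fh:
            fh.write('db_password,hunter2\n')  # constructed sensitive content
        page = os.path.join(tmp, 'page.rst')  # path only; docutils does not read it
        default_html = render(UNTRUSTED_REST, page)
        hardened_html = render(UNTRUSTED_REST, page, HARDENED)
    return default_html, hardened_html

if __name__ == '__main__':
    default_html, hardened_html = demo()
    print('default discloses file:', 'hunter2' in default_html)
    print('hardened discloses file:', 'hunter2' in hardened_html)
```

With the hardened settings docutils replaces the directive with a system message reading "File and URL access deactivated", so the refusal is visible in the rendered output rather than silently dropped.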
