Input validation error in Zope

Published: 2005-10-27 | Updated: 2025-06-17

Risk	Medium
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2005-3323
CWE-ID	CWE-20
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Zope Web applications / Other software
Vendor	Zope

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Input validation error

EUVDB-ID: #VU111183

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2005-3323

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Zope: 2.6

CPE2.3

cpe:2.3:a:zope:zope:2.6:*:*:*:*:*:*:*

External links

https://secunia.com/advisories/17173
https://secunia.com/advisories/17309
https://secunia.com/advisories/17676
https://www.debian.org/security/2005/dsa-910
https://www.gentoo.org/security/en/glsa/glsa-200510-20.xml
https://www.novell.com/linux/security/advisories/2005_27_sr.html
https://www.securityfocus.com/bid/15082
https://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
https://usn.ubuntu.com/229-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.