#VU111183 Input validation error in Zope - CVE-2005-3323


Updated: 2025-06-17

Vulnerability identifier: #VU111183

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2005-3323

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Zope
Web applications / Other software

Vendor: Zope

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in the reStructuredText functionality.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Zope: 2.6


External links
https://secunia.com/advisories/17173
https://secunia.com/advisories/17309
https://secunia.com/advisories/17676
https://www.debian.org/security/2005/dsa-910
https://www.gentoo.org/security/en/glsa/glsa-200510-20.xml
https://www.novell.com/linux/security/advisories/2005_27_sr.html
https://www.securityfocus.com/bid/15082
https://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
https://usn.ubuntu.com/229-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

