Ubuntu Security Notice (C) 2006-2015 Canonical, Inc. / NASL script (C) 2007-2015 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Zope did not deactivate the 'raw' command when exposing
RestructuredText functionalities to untrusted users. A remote user
with the privilege of editing Zope webpages with RestructuredText
could exploit this to expose arbitrary files that can be read with the
privileges of the Zope server.
Update the affected zope2.8 and / or zope2.8-sandbox packages.
Risk factor :
Low / CVSS Base Score : 2.1
CVSS Temporal Score : 1.8
Public Exploit Available : true