Release date:
Updated on:
Affected Systems:
Movable Type 5.12
Movable Type 5.11
Movable Type 5.06
Movable Type 5.051
Movable Type 5.05
Movable Type 5.04
Movable Type 5.03
Movable Type 5.02
Movable Type 5.01
Movable Type 5.0
Movable Type 4.37
Movable Type 4.361
Movable Type 4.36
Movable Type 4.35
Movable Type 4.34
Movable Type 4.27
Movable Type 4.261
Movable Type 4.26
Movable Type 4.25
Movable Type 4.24
Movable Type 4.23
Movable Type 4.22
Movable Type 4.21
Movable Type 4.13
Movable Type 4.01
Movable Type 4
Unaffected Systems:
Movable Type 5.13
Movable Type 5.07
Movable Type 4.38
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 52138
CVE ID: CVE-2012-0317, CVE-2012-0318, CVE-2012-0319, CVE-2012-0320, CVE-2012-1262
Movable Type is a professional publishing platform.
Movable Type has multiple cross-site scripting, cross-site request forgery, session hijacking, and remote command execution vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary script code and commands in the browsers of users of affected sites, steal authentication credentials, and leak sensitive information.
<* Source: Trustwave
Link: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt
http://www.movabletype.org/documentation/appendices/release-notes/513.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Movable Type
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.movabletype.org/