Executive Summary
| Summary | |
|---|---|
| Title | movabletype-opensource security update |
| Informations | |||
|---|---|---|---|
| Name | DSA-2423 | First vendor Publication | 2012-03-02 |
| Vendor | Debian | Last vendor Modification | 2012-03-02 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system. The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files. Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under the certain circumstances. Templates which do not escape variable properly and mt-wizard.cgi contain cross-site scripting vulnerabilities. For the stable distribution (squeeze), these problems have been fixed in version 4.3.8+dfsg-0+squeeze2. For the testing distribution (wheezy) and the unstable distribution (sid), these problems have been fixed in version 5.1.3+dfsg-1. We recommend that you upgrade your movabletype-opensource packages. |
Original Source
| Url : http://www.debian.org/security/2012/dsa-2423 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 17 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
| 17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 17 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:14661 | |||
| Oval ID: | oval:org.mitre.oval:def:14661 | ||
| Title: | DSA-2423-1 movabletype-opensource -- several | ||
| Description: | Several vulnerabilities were discovered in Movable Type, a blogging system: Under certain circumstances, a user who has "Create Entries" or "Manage Blog" permissions may be able to read known files on the local file system. The file management system contains shell command injection vulnerabilities, the most serious of which may lead to arbitrary OS command execution by a user who has a permission to sign-in to the admin script and also has a permission to upload files. Session hijack and cross-site request forgery vulnerabilities exist in the commenting and the community script. A remote attacker could hijack the user session or could execute arbitrary script code on victim's browser under the certain circumstances. Templates which do not escape variable properly and mt-wizard.cgi contain cross-site scripting vulnerabilities. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2423-1 CVE-2012-1497 CVE-2012-1262 CVE-2012-0320 CVE-2012-0319 CVE-2012-0318 CVE-2012-0317 CVE-2011-5085 CVE-2011-5084 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | movabletype-opensource |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-12 | Name : Debian Security Advisory DSA 2423-1 (movabletype-opensource) File : nvt/deb_2423_1.nasl |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-03-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2423.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2018-01-18 09:23:44 |
|
| 2014-02-17 11:30:53 |
|
