Vulnerability Bulletins |
Múltiples vulnerabilidades remotas en Movable Type |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Movable Type Movable Type 5.12 Movable Type Movable Type 5.11 Movable Type Movable Type 5.06 Movable Type Movable Type 5.051 Movable Type Movable Type 5.05 Movable Type Movable Type 5.04 Movable Type Movable Type 5.03 Movable Type Movable Type 5.02 Movable Type Movable Type 5.01 Movable Type Movable Type 5.0 Movable Type Movable Type 4.37 Movable Type Movable Type 4.361 Movable Type Movable Type 4.36 Movable Type Movable Type 4.35 Movable Type Movable Type 4.34 Movable Type Movable Type 4.27 Movable Type Movable Type 4.261 Movable Type Movable Type 4.26 Movable Type Movable Type 4.25 Movable Type Movable Type 4.24 Movable Type Movable Type 4.23 Movable Type Movable Type 4.22 Movable Type Movable Type 4.21 Movable Type Movable Type 4.13 Movable Type Movable Type 4.01 Movable Type Movable Type 4 |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en Movable Type: 1. Múltiples vulnerabilidades de tipo cross-site scripting 2. Una vulnerabilidad de tipo CSRF 3. Una vulnerabilidad de tipo session-hijacking 4. Una vulnerabilidad de tipo command-execution Un atacante remoto podría aprovechar estas vulnerabilidades para ejecutar comandos y scripts arbitrarios en el navegador de la víctima, robar sus credenciales mediante cookies, secuestrar su sesión, acceder o modificar información sensible, o llevar a cabo otras acciones no autorizadas. |
|
Solution |
|
|
Aplicar las actualizaciones publicadas por el fabricante. |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2012-0317 CVE-2012-0318 CVE-2012-0319 CVE-2012-0320 CVE-2012-1262 |
| BID | |
Other resources |
|
|
Movable Type Multiple Remote Vulnerabilities http://www.securityfocus.com/bid/52138/info Trustwave's SpiderLabs Security Advisory TWSL2012-003 https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Exploit público disponible. | 2012-02-28 |