Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-0317
Last Modified: 20 Sep 2012 11:23:46
Published: 02 Mar 2012 11:04:57
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-0317

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.

Vulnerable Systems

Application

  • Movabletype Movable Type Advanced 4.0

  • Movabletype Movable Type Advanced 4.01

  • Movabletype Movable Type Advanced 4.1

  • Movabletype Movable Type Advanced 4.2

  • Movabletype Movable Type Advanced 4.23

  • Movabletype Movable Type Advanced 4.25

  • Movabletype Movable Type Advanced 4.26

  • Movabletype Movable Type Advanced 4.261

  • Movabletype Movable Type Advanced 4.3

  • Movabletype Movable Type Advanced 4.31

  • Movabletype Movable Type Advanced 4.32

  • Movabletype Movable Type Advanced 4.33

  • Movabletype Movable Type Advanced 4.34

  • Movabletype Movable Type Advanced 4.35

  • Movabletype Movable Type Advanced 4.36

  • Movabletype Movable Type Advanced 4.361

  • Movabletype Movable Type Advanced 4.37

  • Movabletype Movable Type Advanced 5.02

  • Movabletype Movable Type Advanced 5.03

  • Movabletype Movable Type Advanced 5.031

  • Movabletype Movable Type Advanced 5.04

  • Movabletype Movable Type Advanced 5.05

  • Movabletype Movable Type Advanced 5.051

  • Movabletype Movable Type Advanced 5.06

  • Movabletype Movable Type Advanced 5.1

  • Movabletype Movable Type Advanced 5.11

  • Movabletype Movable Type Advanced 5.12

  • Movabletype Movable Type Enterprise 4.0

  • Movabletype Movable Type Enterprise 4.01

  • Movabletype Movable Type Enterprise 4.1

  • Movabletype Movable Type Enterprise 4.2

  • Movabletype Movable Type Enterprise 4.23

  • Movabletype Movable Type Enterprise 4.25

  • Movabletype Movable Type Enterprise 4.26

  • Movabletype Movable Type Enterprise 4.261

  • Movabletype Movable Type Enterprise 4.3

  • Movabletype Movable Type Enterprise 4.31

  • Movabletype Movable Type Enterprise 4.32

  • Movabletype Movable Type Enterprise 4.33

  • Movabletype Movable Type Enterprise 4.34

  • Movabletype Movable Type Enterprise 4.35

  • Movabletype Movable Type Enterprise 4.36

  • Movabletype Movable Type Enterprise 4.361

  • Movabletype Movable Type Enterprise 4.37

  • Movabletype Movable Type Enterprise 5.02

  • Movabletype Movable Type Enterprise 5.03

  • Movabletype Movable Type Enterprise 5.031

  • Movabletype Movable Type Enterprise 5.04

  • Movabletype Movable Type Enterprise 5.05

  • Movabletype Movable Type Enterprise 5.051

  • Movabletype Movable Type Enterprise 5.06

  • Movabletype Movable Type Enterprise 5.1

  • Movabletype Movable Type Enterprise 5.11

  • Movabletype Movable Type Enterprise 5.12

  • Movabletype Movable Type Open Source 4.0

  • Movabletype Movable Type Open Source 4.01

  • Movabletype Movable Type Open Source 4.1

  • Movabletype Movable Type Open Source 4.2

  • Movabletype Movable Type Open Source 4.23

  • Movabletype Movable Type Open Source 4.25

  • Movabletype Movable Type Open Source 4.26

  • Movabletype Movable Type Open Source 4.261

  • Movabletype Movable Type Open Source 4.3

  • Movabletype Movable Type Open Source 4.31

  • Movabletype Movable Type Open Source 4.32

  • Movabletype Movable Type Open Source 4.33

  • Movabletype Movable Type Open Source 4.34

  • Movabletype Movable Type Open Source 4.35

  • Movabletype Movable Type Open Source 4.36

  • Movabletype Movable Type Open Source 4.361

  • Movabletype Movable Type Open Source 4.37

  • Movabletype Movable Type Open Source 5.02

  • Movabletype Movable Type Open Source 5.03

  • Movabletype Movable Type Open Source 5.031

  • Movabletype Movable Type Open Source 5.04

  • Movabletype Movable Type Open Source 5.05

  • Movabletype Movable Type Open Source 5.051

  • Movabletype Movable Type Open Source 5.06

  • Movabletype Movable Type Open Source 5.1

  • Movabletype Movable Type Open Source 5.11

  • Movabletype Movable Type Open Source 5.12

  • Movabletype Movable Type Pro 4.0

  • Movabletype Movable Type Pro 4.01

  • Movabletype Movable Type Pro 4.1

  • Movabletype Movable Type Pro 4.2

  • Movabletype Movable Type Pro 4.23

  • Movabletype Movable Type Pro 4.25

  • Movabletype Movable Type Pro 4.26

  • Movabletype Movable Type Pro 4.261

  • Movabletype Movable Type Pro 4.3

  • Movabletype Movable Type Pro 4.31

  • Movabletype Movable Type Pro 4.32

  • Movabletype Movable Type Pro 4.33

  • Movabletype Movable Type Pro 4.34

  • Movabletype Movable Type Pro 4.35

  • Movabletype Movable Type Pro 4.36

  • Movabletype Movable Type Pro 4.361

  • Movabletype Movable Type Pro 4.37

  • Movabletype Movable Type Pro 5.02

  • Movabletype Movable Type Pro 5.03

  • Movabletype Movable Type Pro 5.031

  • Movabletype Movable Type Pro 5.04

  • Movabletype Movable Type Pro 5.05

  • Movabletype Movable Type Pro 5.051

  • Movabletype Movable Type Pro 5.06

  • Movabletype Movable Type Pro 5.1

  • Movabletype Movable Type Pro 5.11

  • Movabletype Movable Type Pro 5.12

  • Sixapart Movable Type 4.0

  • Sixapart Movable Type 4.1

  • Sixapart Movable Type 4.12

  • Sixapart Movable Type 4.15

  • Sixapart Movable Type 4.2

  • Sixapart Movable Type 4.22

  • Sixapart Movable Type 4.23

  • Sixapart Movable Type 4.24

  • Sixapart Movable Type 4.25

  • Sixapart Movable Type 4.26

  • Sixapart Movable Type 4.261

  • Sixapart Movable Type 4.27

  • Sixapart Movable Type 4.28

  • Sixapart Movable Type 4.29

  • Sixapart Movable Type 4.291

  • Sixapart Movable Type 4.292

  • Sixapart Movable Type 4.35

  • Sixapart Movable Type 4.36

  • Sixapart Movable Type 4.361

  • Sixapart Movable Type 4.37

  • Sixapart Movable Type 5.0

  • Sixapart Movable Type 5.01

  • Sixapart Movable Type 5.02

  • Sixapart Movable Type 5.03

  • Sixapart Movable Type 5.031

  • Sixapart Movable Type 5.04

  • Sixapart Movable Type 5.05

  • Sixapart Movable Type 5.051

  • Sixapart Movable Type 5.06

  • Sixapart Movable Type 5.07

  • Sixapart Movable Type 5.1

  • Sixapart Movable Type 5.11

  • Sixapart Movable Type 5.12


References

CONFIRM - http://www.movabletype.org/documentation/appendices/release-notes/513.html

CONFIRM - http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

JVNDB - JVNDB-2012-000015

JVN - JVN#70683217

SECTRACK - 1026738

BID - 52138


Last Updated: 27 May 2016 10:58:20