Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2015-1592
Last Modified 23 Mar 2015 10:02:31
Published 19 Feb 2015 10:59:16
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1592

Summary

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • Sixapart Movabletype 5.2.11
  • Sixapart Movabletype 6.0
  • Sixapart Movabletype 6.0.1
  • Sixapart Movabletype 6.0.2
  • Sixapart Movabletype 6.0.3
  • Sixapart Movabletype 6.0.4
  • Sixapart Movabletype 6.0.5
  • Sixapart Movabletype 6.0.6


References

CONFIRM - https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html

XF - movable-type-cve20151592-file-include(100912)

BID - 72606

MLIST - [oss-security] 20150212 CVE request: MovableType before 5.2.12

MLIST - [oss-security] 20150212 Re: CVE request: MovableType before 5.2.12 - Movable Type

DEBIAN - DSA-3183

SECTRACK - 1031777


Last Updated: 27 May 2016 11:07:54