Published: 2010/01/06 Last Updated: 2010/01/06
JVN#09872874
Movable Type access restriction bypass vulnerability
Overview
Movable Type contains an access restriction bypass vulnerability.
Products Affected
- Movable Type 4.261 (Open Source) and earlier
- Movable Type 4.261 (includes Professional and Community Packs) and earlier
- Movable Type Commercial 4.261 (includes Professional Pack) and earlier
- Movable Type Enterprise 4.261 and earlier
- Movable Type 5.0 (Open Source)
- Movable Type 5.0 (includes Professional and Community Packs)
Description
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
This vulnerability is different from JVN#08369659.
Impact
A remote attacker may view or modify information stored by Movable Type.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2010.01.06
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | can be attacked over the Internet using packets | |
| Authentication | self-registration, perhaps valid e-mail | |
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action | |
| Exploit Complexity | the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious | |
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia | JVNDB-2010-000001 |