Published: 2010/01/06 Last Updated: 2010/01/06
JVN#09872874
Movable Type access restriction bypass vulnerability
Overview
Movable Type contains an access restriction bypass vulnerability.
Products Affected
- Movable Type 4.261 (Open Source) and earlier
- Movable Type 4.261 (includes Professional and Community Packs) and earlier
- Movable Type Commercial 4.261 (includes Professional Pack) and earlier
- Movable Type Enterprise 4.261 and earlier
- Movable Type 5.0 (Open Source)
- Movable Type 5.0 (includes Professional and Community Packs)
Description
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
This vulnerability is different from JVN#08369659.
Impact
A remote attacker may view or modify information stored by Movable Type.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2010.01.06
Measures | Conditions | Severity |
---|---|---|
Access Required | Routed - can be attacked over the Internet using packets | |
Authentication | Limited - self-registration, perhaps valid e-mail | |
User Interaction Required | None - the vulnerability can be exploited without an honest user taking any action | |
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | |
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2010-000001 |