Published:2012/02/23  Last Updated:2012/02/23

JVN#20083397
Movable Type vulnerable to session hijacking

Overview

Movable Type contains a session hijacking vulnerability.

Products Affected

Version 5.12, 5.06, 4.37, 4.292 and earlier of the products listed below are vulnerable.

  • Movable Type Open Source
  • Movable Type (with Professional Pack, Community Pack)
  • Movable Type Enterprise
  • Movable Type Advanced
For more information, refer to the information provided by the developer.

Description

Movable Type contains a session hijacking vulnerability in entering comments and community functionality.

Impact

A remote unauthenticated attacker may impersonate an honest user of the affected product.

Solution

Update the software
Update to the latest version of each product according to the information provided by the developer.

Vendor Status

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2012-0320
JVN iPedia JVNDB-2012-000018