jvndb-2009-000043
Vulnerability from jvndb
Published
2009-07-01 17:53
Modified
2009-07-01 17:53
Summary
Movable Type access restriction bypass vulnerability
Details
Movable Type contains an access restriction bypass vulnerability.
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.
A successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer's website.
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Six Apart, Ltd. | Movable Type |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html",
"dc:date": "2009-07-01T17:53+09:00",
"dcterms:issued": "2009-07-01T17:53+09:00",
"dcterms:modified": "2009-07-01T17:53+09:00",
"description": "Movable Type contains an access restriction bypass vulnerability.\r\n\r\nMovable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions.\r\n\r\nA successful attack requires mt-wizard.cgi not to be deleted after initial setup. For more information, refer to the developer\u0027s website.\r\n\r\nMasashi Shiraishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html",
"sec:cpe": {
"#text": "cpe:/a:sixapart:movable_type",
"@product": "Movable Type",
"@vendor": "Six Apart, Ltd.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-000043",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN08369659/index.html",
"@id": "JVN#08369659",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2481",
"@id": "CVE-2009-2481",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2481",
"@id": "CVE-2009-2481",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/35534",
"@id": "SA35534",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/35471",
"@id": "35471",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/51330",
"@id": "51330",
"@source": "XF"
},
{
"#text": "http://www.vupen.com/english/advisories/2009/1668",
"@id": "VUPEN/ADV-2009-1668",
"@source": "VUPEN"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Movable Type access restriction bypass vulnerability"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.