CVE-2012-0317 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P
jpcert	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 52%

Vendor	Product	Version
sixapart	movable_type	𝑥 ≤ 4.37
sixapart	movable_type	4.28
sixapart	movable_type	4.29
sixapart	movable_type	4.36
sixapart	movable_type	4.291
sixapart	movable_type	4.292
sixapart	movable_type	4.361
sixapart	movable_type	5.0
sixapart	movable_type	5.01
sixapart	movable_type	5.1
sixapart	movable_type	5.02
sixapart	movable_type	5.04
sixapart	movable_type	5.05
sixapart	movable_type	5.06
sixapart	movable_type	5.11
sixapart	movable_type	5.12
sixapart	movable_type	5.051
sixapart	movable_type	𝑥 ≤ 4.292
sixapart	movable_type	4.28
sixapart	movable_type	4.29
sixapart	movable_type	4.291
sixapart	movable_type	5.1
sixapart	movable_type	5.02
sixapart	movable_type	5.04
sixapart	movable_type	5.05
sixapart	movable_type	5.06
sixapart	movable_type	5.11
sixapart	movable_type	5.12
sixapart	movable_type	5.051
sixapart	movable_type	4.0
sixapart	movable_type	4.0:beta
sixapart	movable_type	4.0:beta2
sixapart	movable_type	4.0:beta3
sixapart	movable_type	4.0:beta4
sixapart	movable_type	4.0:beta5
sixapart	movable_type	4.0:beta6
sixapart	movable_type	4.0:beta7
sixapart	movable_type	4.0:rc1
sixapart	movable_type	4.0:rc2
sixapart	movable_type	4.0:rc3
sixapart	movable_type	4.1:beta
sixapart	movable_type	4.1:beta2
sixapart	movable_type	4.1:rc1
sixapart	movable_type	4.2
sixapart	movable_type	4.2:rc2
sixapart	movable_type	4.2:rc4
sixapart	movable_type	4.2:rc5
sixapart	movable_type	4.12
sixapart	movable_type	4.15:beta1
sixapart	movable_type	4.15:beta3
sixapart	movable_type	4.15:beta4
sixapart	movable_type	4.22
sixapart	movable_type	4.23
sixapart	movable_type	4.24
sixapart	movable_type	4.25
sixapart	movable_type	4.26
sixapart	movable_type	4.27
sixapart	movable_type	4.28
sixapart	movable_type	4.29
sixapart	movable_type	4.35
sixapart	movable_type	4.36
sixapart	movable_type	4.37
sixapart	movable_type	4.261
sixapart	movable_type	4.291
sixapart	movable_type	4.292
sixapart	movable_type	4.361
sixapart	movable_type	5.0
sixapart	movable_type	5.0:beta1
sixapart	movable_type	5.0:beta2
sixapart	movable_type	5.0:beta3
sixapart	movable_type	5.0:beta4
sixapart	movable_type	5.0:rc1
sixapart	movable_type	5.0:rc2
sixapart	movable_type	5.0:rc3
sixapart	movable_type	5.01
sixapart	movable_type	5.1:beta
sixapart	movable_type	5.1:rc1
sixapart	movable_type	5.02
sixapart	movable_type	5.03
sixapart	movable_type	5.04
sixapart	movable_type	5.05
sixapart	movable_type	5.06
sixapart	movable_type	5.07
sixapart	movable_type	5.11
sixapart	movable_type	5.12
sixapart	movable_type	5.031
sixapart	movable_type	5.051

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

movabletype-opensource

zesty	dne
yakkety	dne
xenial	dne
wily	dne
vivid	dne
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	ignored
oneiric	ignored
natty	ignored
maverick	ignored
lucid	ignored
hardy	dne

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://jvn.jp/en/jp/JVN70683217/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015

http://www.debian.org/security/2012/dsa-2423

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

http://www.movabletype.org/documentation/appendices/release-notes/513.html

http://www.securityfocus.com/bid/52138

http://www.securitytracker.com/id?1026738

http://jvn.jp/en/jp/JVN70683217/index.html

http://jvndb.jvn.jp/jvndb/JVNDB-2012-000015

http://www.debian.org/security/2012/dsa-2423

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

http://www.movabletype.org/documentation/appendices/release-notes/513.html

http://www.securityfocus.com/bid/52138

http://www.securitytracker.com/id?1026738