CVE-2012-1497 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	4 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:N/A:N
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
movabletype	movable_type_open_source	𝑥 ≤ 4.37
movabletype	movable_type_open_source	4.0
movabletype	movable_type_open_source	4.0:beta
movabletype	movable_type_open_source	4.1
movabletype	movable_type_open_source	4.1:beta
movabletype	movable_type_open_source	4.01:beta
movabletype	movable_type_open_source	4.2
movabletype	movable_type_open_source	4.2:beta
movabletype	movable_type_open_source	4.3
movabletype	movable_type_open_source	4.23
movabletype	movable_type_open_source	4.25
movabletype	movable_type_open_source	4.26
movabletype	movable_type_open_source	4.31
movabletype	movable_type_open_source	4.32
movabletype	movable_type_open_source	4.33
movabletype	movable_type_open_source	4.34
movabletype	movable_type_open_source	4.35
movabletype	movable_type_open_source	4.36
movabletype	movable_type_open_source	4.261
movabletype	movable_type_open_source	4.361
movabletype	movable_type_open_source	5.1
movabletype	movable_type_open_source	5.02
movabletype	movable_type_open_source	5.03
movabletype	movable_type_open_source	5.04
movabletype	movable_type_open_source	5.05
movabletype	movable_type_open_source	5.06
movabletype	movable_type_open_source	5.11
movabletype	movable_type_open_source	5.12
movabletype	movable_type_open_source	5.031
movabletype	movable_type_open_source	5.051
movabletype	movable_type_enterprise	𝑥 ≤ 4.37
movabletype	movable_type_enterprise	4.0
movabletype	movable_type_enterprise	4.0:beta
movabletype	movable_type_enterprise	4.1
movabletype	movable_type_enterprise	4.01:beta
movabletype	movable_type_enterprise	4.1:beta
movabletype	movable_type_enterprise	4.2
movabletype	movable_type_enterprise	4.2:beta
movabletype	movable_type_enterprise	4.3
movabletype	movable_type_enterprise	4.23
movabletype	movable_type_enterprise	4.25
movabletype	movable_type_enterprise	4.26
movabletype	movable_type_enterprise	4.31
movabletype	movable_type_enterprise	4.32
movabletype	movable_type_enterprise	4.33
movabletype	movable_type_enterprise	4.34
movabletype	movable_type_enterprise	4.35
movabletype	movable_type_enterprise	4.36
movabletype	movable_type_enterprise	4.261
movabletype	movable_type_enterprise	4.361
movabletype	movable_type_enterprise	5.1
movabletype	movable_type_enterprise	5.02
movabletype	movable_type_enterprise	5.03
movabletype	movable_type_enterprise	5.04
movabletype	movable_type_enterprise	5.05
movabletype	movable_type_enterprise	5.06
movabletype	movable_type_enterprise	5.11
movabletype	movable_type_enterprise	5.12
movabletype	movable_type_enterprise	5.031
movabletype	movable_type_enterprise	5.051
movabletype	movable_type_advanced	𝑥 ≤ 4.37
movabletype	movable_type_advanced	4.0
movabletype	movable_type_advanced	4.0:beta
movabletype	movable_type_advanced	4.1
movabletype	movable_type_advanced	4.01:beta
movabletype	movable_type_advanced	4.1:beta
movabletype	movable_type_advanced	4.2
movabletype	movable_type_advanced	4.2:beta
movabletype	movable_type_advanced	4.3
movabletype	movable_type_advanced	4.23
movabletype	movable_type_advanced	4.25
movabletype	movable_type_advanced	4.26
movabletype	movable_type_advanced	4.31
movabletype	movable_type_advanced	4.32
movabletype	movable_type_advanced	4.33
movabletype	movable_type_advanced	4.34
movabletype	movable_type_advanced	4.35
movabletype	movable_type_advanced	4.36
movabletype	movable_type_advanced	4.261
movabletype	movable_type_advanced	4.361
movabletype	movable_type_advanced	5.1
movabletype	movable_type_advanced	5.02
movabletype	movable_type_advanced	5.03
movabletype	movable_type_advanced	5.04
movabletype	movable_type_advanced	5.05
movabletype	movable_type_advanced	5.06
movabletype	movable_type_advanced	5.11
movabletype	movable_type_advanced	5.12
movabletype	movable_type_advanced	5.031
movabletype	movable_type_advanced	5.051
movabletype	movable_type_pro	𝑥 ≤ 4.37
movabletype	movable_type_pro	4.0
movabletype	movable_type_pro	4.0:beta
movabletype	movable_type_pro	4.1
movabletype	movable_type_pro	4.1:beta
movabletype	movable_type_pro	4.01:beta
movabletype	movable_type_pro	4.2
movabletype	movable_type_pro	4.2:beta
movabletype	movable_type_pro	4.3
movabletype	movable_type_pro	4.23
movabletype	movable_type_pro	4.25
movabletype	movable_type_pro	4.26
movabletype	movable_type_pro	4.31
movabletype	movable_type_pro	4.32
movabletype	movable_type_pro	4.33
movabletype	movable_type_pro	4.34
movabletype	movable_type_pro	4.35
movabletype	movable_type_pro	4.36
movabletype	movable_type_pro	4.261
movabletype	movable_type_pro	4.361
movabletype	movable_type_pro	5.1
movabletype	movable_type_pro	5.02
movabletype	movable_type_pro	5.03
movabletype	movable_type_pro	5.04
movabletype	movable_type_pro	5.05
movabletype	movable_type_pro	5.06
movabletype	movable_type_pro	5.11
movabletype	movable_type_pro	5.12
movabletype	movable_type_pro	5.031
movabletype	movable_type_pro	5.051

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

movabletype-opensource

zesty	dne
yakkety	dne
xenial	dne
wily	dne
vivid	dne
utopic	not-affected
trusty	dne
saucy	not-affected
raring	not-affected
quantal	not-affected
precise	ignored
oneiric	ignored
natty	ignored
maverick	ignored
lucid	ignored
hardy	dne

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.debian.org/security/2012/dsa-2423

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

http://www.movabletype.org/documentation/appendices/release-notes/513.html

http://www.debian.org/security/2012/dsa-2423

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

http://www.movabletype.org/documentation/appendices/release-notes/513.html