Vulnerability Name:

CVE-2012-1497 (CCN-73688)

Assigned:2012-02-22
Published:2012-02-22
Updated:2018-01-18
Summary:The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-1497

Source: DEBIAN
Type: UNKNOWN
DSA-2423

Source: DEBIAN
Type: DSA-2423
movabletype-opensource -- several vulnerabilities

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

Source: CCN
Type: Movable Type Web Site
Movable Type 5.13, 5.07, and 4.38 Release Notes

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.movabletype.org/documentation/appendices/release-notes/513.html

Source: CCN
Type: OSVDB ID: 79835
Movable Type mt:Include file= Attribute Traversal Arbitrary File Access

Source: XF
Type: UNKNOWN
movable-type-dir-traversal(73688)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:movabletype:movable_type_open_source:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_open_source:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_open_source:5.051:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:movabletype:movable_type_enterprise:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_enterprise:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_enterprise:5.051:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:movabletype:movable_type_advanced:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_advanced:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_advanced:5.051:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:movabletype:movable_type_pro:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.0:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.01:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.1:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.2:beta:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.3:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.23:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.25:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.26:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.31:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.32:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.33:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.34:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.35:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.36:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:*:*:*:*:*:*:*:* (Version <= 4.37)
  • OR cpe:/a:movabletype:movable_type_pro:4.261:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:4.361:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.031:*:*:*:*:*:*:*
  • OR cpe:/a:movabletype:movable_type_pro:5.051:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:six_apart:movable_type:4:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:sixapart:movable_type:5.01:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:14661
    P
    		DSA-2423-1 movabletype-opensource -- several
    2014-06-23
    oval:com.ubuntu.precise:def:20121497000
    V
    		CVE-2012-1497 on Ubuntu 12.04 LTS (precise) - medium.
    2012-03-02
    oval:com.ubuntu.trusty:def:20121497000
    V
    		CVE-2012-1497 on Ubuntu 14.04 LTS (trusty) - medium.
    2012-03-02
    BACK
    movabletype movable type open source 4.0
    movabletype movable type open source 4.0 beta
    movabletype movable type open source 4.01 beta
    movabletype movable type open source 4.1
    movabletype movable type open source 4.1 beta
    movabletype movable type open source 4.2
    movabletype movable type open source 4.2 beta
    movabletype movable type open source 4.3
    movabletype movable type open source 4.23
    movabletype movable type open source 4.25
    movabletype movable type open source 4.26
    movabletype movable type open source 4.31
    movabletype movable type open source 4.32
    movabletype movable type open source 4.33
    movabletype movable type open source 4.34
    movabletype movable type open source 4.35
    movabletype movable type open source 4.36
    movabletype movable type open source *
    movabletype movable type open source 4.261
    movabletype movable type open source 4.361
    movabletype movable type open source 5.1
    movabletype movable type open source 5.02
    movabletype movable type open source 5.03
    movabletype movable type open source 5.04
    movabletype movable type open source 5.05
    movabletype movable type open source 5.06
    movabletype movable type open source 5.11
    movabletype movable type open source 5.12
    movabletype movable type open source 5.031
    movabletype movable type open source 5.051
    movabletype movable type enterprise 4.0
    movabletype movable type enterprise 4.0 beta
    movabletype movable type enterprise 4.01 beta
    movabletype movable type enterprise 4.1
    movabletype movable type enterprise 4.1 beta
    movabletype movable type enterprise 4.2
    movabletype movable type enterprise 4.2 beta
    movabletype movable type enterprise 4.3
    movabletype movable type enterprise 4.23
    movabletype movable type enterprise 4.25
    movabletype movable type enterprise 4.26
    movabletype movable type enterprise 4.31
    movabletype movable type enterprise 4.32
    movabletype movable type enterprise 4.33
    movabletype movable type enterprise 4.34
    movabletype movable type enterprise 4.35
    movabletype movable type enterprise 4.36
    movabletype movable type enterprise *
    movabletype movable type enterprise 4.261
    movabletype movable type enterprise 4.361
    movabletype movable type enterprise 5.1
    movabletype movable type enterprise 5.02
    movabletype movable type enterprise 5.03
    movabletype movable type enterprise 5.04
    movabletype movable type enterprise 5.05
    movabletype movable type enterprise 5.06
    movabletype movable type enterprise 5.11
    movabletype movable type enterprise 5.12
    movabletype movable type enterprise 5.031
    movabletype movable type enterprise 5.051
    movabletype movable type advanced 4.0
    movabletype movable type advanced 4.0 beta
    movabletype movable type advanced 4.01 beta
    movabletype movable type advanced 4.1
    movabletype movable type advanced 4.1 beta
    movabletype movable type advanced 4.2
    movabletype movable type advanced 4.2 beta
    movabletype movable type advanced 4.3
    movabletype movable type advanced 4.23
    movabletype movable type advanced 4.25
    movabletype movable type advanced 4.26
    movabletype movable type advanced 4.31
    movabletype movable type advanced 4.32
    movabletype movable type advanced 4.33
    movabletype movable type advanced 4.34
    movabletype movable type advanced 4.35
    movabletype movable type advanced 4.36
    movabletype movable type advanced *
    movabletype movable type advanced 4.261
    movabletype movable type advanced 4.361
    movabletype movable type advanced 5.1
    movabletype movable type advanced 5.02
    movabletype movable type advanced 5.03
    movabletype movable type advanced 5.04
    movabletype movable type advanced 5.05
    movabletype movable type advanced 5.06
    movabletype movable type advanced 5.11
    movabletype movable type advanced 5.12
    movabletype movable type advanced 5.031
    movabletype movable type advanced 5.051
    movabletype movable type pro 4.0
    movabletype movable type pro 4.0 beta
    movabletype movable type pro 4.01 beta
    movabletype movable type pro 4.1
    movabletype movable type pro 4.1 beta
    movabletype movable type pro 4.2
    movabletype movable type pro 4.2 beta
    movabletype movable type pro 4.3
    movabletype movable type pro 4.23
    movabletype movable type pro 4.25
    movabletype movable type pro 4.26
    movabletype movable type pro 4.31
    movabletype movable type pro 4.32
    movabletype movable type pro 4.33
    movabletype movable type pro 4.34
    movabletype movable type pro 4.35
    movabletype movable type pro 4.36
    movabletype movable type pro *
    movabletype movable type pro 4.261
    movabletype movable type pro 4.361
    movabletype movable type pro 5.1
    movabletype movable type pro 5.02
    movabletype movable type pro 5.03
    movabletype movable type pro 5.04
    movabletype movable type pro 5.05
    movabletype movable type pro 5.06
    movabletype movable type pro 5.11
    movabletype movable type pro 5.12
    movabletype movable type pro 5.031
    movabletype movable type pro 5.051
    six_apart movable type 4
    sixapart movable type 5.0
    sixapart movable type 5.01