发布日期:2012-02-23
更新日期:2012-02-29
受影响系统:
Movable Type Movable Type 5.12
Movable Type Movable Type 5.11
Movable Type Movable Type 5.06
Movable Type Movable Type 5.051
Movable Type Movable Type 5.05
Movable Type Movable Type 5.04
Movable Type Movable Type 5.03
Movable Type Movable Type 5.02
Movable Type Movable Type 5.01
Movable Type Movable Type 5.0
Movable Type Movable Type 4.37
Movable Type Movable Type 4.361
Movable Type Movable Type 4.36
Movable Type Movable Type 4.35
Movable Type Movable Type 4.34
Movable Type Movable Type 4.27
Movable Type Movable Type 4.261
Movable Type Movable Type 4.26
Movable Type Movable Type 4.25
Movable Type Movable Type 4.24
Movable Type Movable Type 4.23
Movable Type Movable Type 4.22
Movable Type Movable Type 4.21
Movable Type Movable Type 4.13
Movable Type Movable Type 4.01
Movable Type Movable Type 4
不受影响系统:
Movable Type Movable Type 5.13
Movable Type Movable Type 5.07
Movable Type Movable Type 4.38
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52138
CVE ID: CVE-2012-0317,CVE-2012-0318,CVE-2012-0319,CVE-2012-0320,CVE-2012-1262
Movable Type是一个专业的发布平台。
Movable Type在实现上存在多个跨站脚本执行漏洞、跨站请求伪造漏洞、会话劫持漏洞、远程命令执行漏洞,攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码和命令,窃取身份验证凭证、泄露敏感信息。
<*来源:Trustwave
链接:https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Movable Type
------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: