Vulnerability-Lookup

CNVD-2015-02717

Vulnerability from cnvd - Published: 2015-04-24

Title

Six Apart Movable Type格式化字符串漏洞

Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客（blog）系统。Pro、Open Source和Advanced分别是该系统的专业版、开源版和高级版。 Six Apart MT存在格式化字符串漏洞。远程攻击者可利用该漏洞执行任意代码。

Severity

高

Patch Name

Six Apart Movable Type格式化字符串漏洞的补丁

Patch Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客（blog）系统。Pro、Open Source和Advanced分别是该系统的专业版、开源版和高级版。 Six Apart MT存在格式化字符串漏洞。远程攻击者可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞：https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html

Reference

https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html

Impacted products

Name
Six Apart Movable Type <= 5.2.11

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0845"
    }
  },
  "description": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\uff08blog\uff09\u7cfb\u7edf\u3002Pro\u3001Open Source\u548cAdvanced\u5206\u522b\u662f\u8be5\u7cfb\u7edf\u7684\u4e13\u4e1a\u7248\u3001\u5f00\u6e90\u7248\u548c\u9ad8\u7ea7\u7248\u3002\r\n\r\nSix Apart MT\u5b58\u5728\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "John Lightsey",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1ahttps://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02717",
  "openTime": "2015-04-24",
  "patchDescription": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\uff08blog\uff09\u7cfb\u7edf\u3002Pro\u3001Open Source\u548cAdvanced\u5206\u522b\u662f\u8be5\u7cfb\u7edf\u7684\u4e13\u4e1a\u7248\u3001\u5f00\u6e90\u7248\u548c\u9ad8\u7ea7\u7248\u3002 \r\n\r\nSix Apart MT\u5b58\u5728\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Six Apart Movable Type\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Six Apart Movable Type \u003c= 5.2.11"
  },
  "referenceLink": "https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-23",
  "title": "Six Apart Movable Type\u683c\u5f0f\u5316\u5b57\u7b26\u4e32\u6f0f\u6d1e"
}

CVE-2015-0845 (GCVE-0-2015-0845)

Vulnerability from cvelistv5 – Published: 2015-04-17 17:00 – Updated: 2024-08-06 04:26

Summary

Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

Severity ?

No CVSS data available.

CWE

Assigner

debian

References

URL

Tags

	http://www.debian.org/security/2015/dsa-3227	vendor-advisoryx_refsource_DEBIAN
	http://www.securitytracker.com/id/1032153	vdb-entryx_refsource_SECTRACK
	https://movabletype.org/news/2015/04/movable_type…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:26:10.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3227",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3227"
          },
          {
            "name": "1032153",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032153"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2015-05-04T20:57:00",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "DSA-3227",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3227"
        },
        {
          "name": "1032153",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032153"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2015-0845",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3227",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3227"
            },
            {
              "name": "1032153",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032153"
            },
            {
              "name": "https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html",
              "refsource": "CONFIRM",
              "url": "https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2015-0845",
    "datePublished": "2015-04-17T17:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:26:10.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-02717

CVE-2015-0845 (GCVE-0-2015-0845)

Tags

Sightings

Nomenclature