| Title | Movable Type におけるセッションハイジャックが可能な脆弱性 |
|---|---|
| Summary | Movable Type には、セッションハイジャックが可能な脆弱性が存在します。 Movable Type のコメント登録およびコミュニティ機能には、セッションハイジャックが可能な脆弱性が存在します。 |
| Possible impacts | 遠隔の第三者によって、ユーザになりすまされる可能性があります。 |
| Solution | [アップデートする] 開発者が提供する情報をもとに、最新版にアップデートしてください。 なお、開発者によると、対策版として以下のバージョンがリリースされているとのことです。 * Movable Type Open Source 4.38 * Movable Type Open Source 5.07 * Movable Type Open Source 5.13 * Movable Type 5.07 (Professional Pack, Community Pack を同梱) * Movable Type 5.13 (Professional Pack, Community Pack を同梱) * Movable Type Advanced 5.07 * Movable Type Advanced 5.13 |
| Publication Date | Feb. 23, 2012, midnight |
| Registration Date | Feb. 23, 2012, 12:04 p.m. |
| Last Update | Feb. 23, 2012, 12:04 p.m. |
| CVSS2.0 : 警告 | |
| Score | 6.4 |
|---|---|
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| シックス・アパート株式会社 |
| Movable Type (Professional Pack, Community Pack を同梱) |
| Movable Type Advanced |
| Movable Type Enterprise |
| Movable Type Open Source |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2012年02月23日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script. |
|---|---|
| Publication Date | March 3, 2012, 1:04 p.m. |
| Registration Date | Jan. 28, 2021, 2:52 p.m. |
| Last Update | Nov. 21, 2024, 10:34 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:sixapart:movable_type:5.051:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.11:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.291:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.04:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:*:*:open_source:*:*:*:*:* | 4.37 | ||||
| cpe:2.3:a:sixapart:movable_type:4.36:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.01:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.292:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.361:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.05:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.29:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.1:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.28:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.06:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.12:*:open_source:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.02:*:open_source:*:*:*:*:* | |||||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:sixapart:movable_type:*:*:enterprise:*:*:*:*:* | 4.292 | ||||
| cpe:2.3:a:sixapart:movable_type:4.291:*:enterprise:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.29:*:enterprise:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.28:*:enterprise:*:*:*:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:a:sixapart:movable_type:5.06:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.051:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.04:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.12:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.11:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.1:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.02:*:advanced:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.05:*:advanced:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:a:sixapart:movable_type:4.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.05:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.1:beta2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.06:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.1:beta:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.2:rc5:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.031:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.07:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta6:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.03:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.36:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:rc2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.261:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:beta1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta4:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.35:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.26:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.37:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.15:beta4:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.01:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:rc1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta5:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.04:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta7:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:rc1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:beta4:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.051:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:rc3:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.291:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:rc2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:rc3:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.2:rc4:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.1:beta:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.28:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.15:beta3:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.361:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.1:rc1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.2:rc2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta3:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.292:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.15:beta1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.1:rc1:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.02:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:beta2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:4.0:beta2:*:*:*:*:*:* | |||||
| cpe:2.3:a:sixapart:movable_type:5.0:beta3:*:*:*:*:*:* | |||||