Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 and 5.x before 5.04 have unknown impact and attack vectors related to the (1) mt:AssetProperty and (2) mt:EntryFlag tags.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Movabletype | Sixapart | 4.0 (including) | 4.0 (including) |
| Movabletype | Sixapart | 4.1 (including) | 4.1 (including) |
| Movabletype | Sixapart | 4.2 (including) | 4.2 (including) |
| Movabletype | Sixapart | 4.3 (including) | 4.3 (including) |
| Movabletype | Sixapart | 4.23 (including) | 4.23 (including) |
| Movabletype | Sixapart | 4.25 (including) | 4.25 (including) |
| Movabletype | Sixapart | 4.26 (including) | 4.26 (including) |
| Movabletype | Sixapart | 4.31 (including) | 4.31 (including) |
| Movabletype | Sixapart | 4.32 (including) | 4.32 (including) |
| Movabletype | Sixapart | 4.33 (including) | 4.33 (including) |
| Movabletype | Sixapart | 4.34 (including) | 4.34 (including) |
| Movabletype | Sixapart | 4.261 (including) | 4.261 (including) |
| Movabletype | Sixapart | 5.0-rc2 (including) | 5.0-rc2 (including) |
| Movabletype | Sixapart | 5.01 (including) | 5.01 (including) |
| Movabletype | Sixapart | 5.02 (including) | 5.02 (including) |
| Movabletype | Sixapart | 5.03 (including) | 5.03 (including) |
| Movabletype | Sixapart | 5.031 (including) | 5.031 (including) |
| Movabletype-opensource | Ubuntu | karmic | * |
| Movabletype-opensource | Ubuntu | lucid | * |
| Movabletype-opensource | Ubuntu | maverick | * |
| Movabletype-opensource | Ubuntu | upstream | * |
References
- http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html
- http://www.securityfocus.com/bid/45383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64130
- http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html
- http://www.securityfocus.com/bid/45383
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64130