CVE-2015-0845
Summary
| CVE | CVE-2015-0845 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-04-17 17:59:00 UTC |
| Updated | 2015-10-09 17:25:00 UTC |
| Description | Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sixapart | Movabletype | 6.0 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.1 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.2 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.3 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.4 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.5 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.6 | All | All | All |
| Application | Sixapart | Movabletype | 6.0.7 | All | All | All |
| Application | Sixapart | Movabletype | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Movable Type Format String Flaw Lets Remote Users Execute Arbitrary Perl Scripts - SecurityTracker | SECTRACK | www.securitytracker.com | |
| MovableType.org – News: Movable Type 6.0.8 and 5.2.13 released to close security vulnerability | CONFIRM | movabletype.org | Vendor Advisory |
| Debian -- Security Information -- DSA-3227-1 movabletype-opensource | DEBIAN | www.debian.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.