What is the severity of CVE-2012-0320?

CVE-2012-0320 is considered a critical vulnerability that allows remote attackers to take control of sessions.

How do I fix CVE-2012-0320?

To fix CVE-2012-0320, upgrade Movable Type to versions 4.38, 5.07, or later.

What versions of Movable Type are affected by CVE-2012-0320?

Movable Type versions prior to 4.38, 5.0x before 5.07, and 5.1x before 5.13 are affected by CVE-2012-0320.

What type of vulnerability is CVE-2012-0320?

CVE-2012-0320 is a session management vulnerability related to the commenting feature and community script.

Can CVE-2012-0320 lead to data breaches?

Yes, CVE-2012-0320 can potentially lead to unauthorized access and control over user sessions, resulting in data breaches.

Vulnerability/
CVE-2012-0320

high

7.5

3/3/2012

6/8/2024

CVE-2012-0320

First published: Sat Mar 03 2012(Updated: )

Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the (1) commenting feature and (2) community script.

Credit: vultures@jpcert.or.jp

Affected Software	Affected Version	How to fix
Six Apart Movable Type	<=4.37
Six Apart Movable Type	=4.28
Six Apart Movable Type	=4.29
Six Apart Movable Type	=4.36
Six Apart Movable Type	=4.291
Six Apart Movable Type	=4.292
Six Apart Movable Type	=4.361
Six Apart Movable Type	=5.0
Six Apart Movable Type	=5.01
Six Apart Movable Type	=5.1
Six Apart Movable Type	=5.02
Six Apart Movable Type	=5.04
Six Apart Movable Type	=5.05
Six Apart Movable Type	=5.06
Six Apart Movable Type	=5.11
Six Apart Movable Type	=5.12
Six Apart Movable Type	=5.051
Six Apart Movable Type	<=4.292
Six Apart Movable Type	=4.28
Six Apart Movable Type	=4.29
Six Apart Movable Type	=4.291
Six Apart Movable Type	=5.1
Six Apart Movable Type	=5.02
Six Apart Movable Type	=5.04
Six Apart Movable Type	=5.05
Six Apart Movable Type	=5.06
Six Apart Movable Type	=5.11
Six Apart Movable Type	=5.12
Six Apart Movable Type	=5.051
Six Apart Movable Type	=4.0
Six Apart Movable Type	=4.0-beta
Six Apart Movable Type	=4.0-beta2
Six Apart Movable Type	=4.0-beta3
Six Apart Movable Type	=4.0-beta4
Six Apart Movable Type	=4.0-beta5
Six Apart Movable Type	=4.0-beta6
Six Apart Movable Type	=4.0-beta7
Six Apart Movable Type	=4.0-rc1
Six Apart Movable Type	=4.0-rc2
Six Apart Movable Type	=4.0-rc3
Six Apart Movable Type	=4.1-beta
Six Apart Movable Type	=4.1-beta2
Six Apart Movable Type	=4.1-rc1
Six Apart Movable Type	=4.2
Six Apart Movable Type	=4.2-rc2
Six Apart Movable Type	=4.2-rc4
Six Apart Movable Type	=4.2-rc5
Six Apart Movable Type	=4.12
Six Apart Movable Type	=4.15-beta1
Six Apart Movable Type	=4.15-beta3
Six Apart Movable Type	=4.15-beta4
Six Apart Movable Type	=4.22
Six Apart Movable Type	=4.23
Six Apart Movable Type	=4.24
Six Apart Movable Type	=4.25
Six Apart Movable Type	=4.26
Six Apart Movable Type	=4.27
Six Apart Movable Type	=4.28
Six Apart Movable Type	=4.29
Six Apart Movable Type	=4.35
Six Apart Movable Type	=4.36
Six Apart Movable Type	=4.37
Six Apart Movable Type	=4.261
Six Apart Movable Type	=4.291
Six Apart Movable Type	=4.292
Six Apart Movable Type	=4.361
Six Apart Movable Type	=5.0
Six Apart Movable Type	=5.0-beta1
Six Apart Movable Type	=5.0-beta2
Six Apart Movable Type	=5.0-beta3
Six Apart Movable Type	=5.0-beta4
Six Apart Movable Type	=5.0-rc1
Six Apart Movable Type	=5.0-rc2
Six Apart Movable Type	=5.0-rc3
Six Apart Movable Type	=5.01
Six Apart Movable Type	=5.1-beta
Six Apart Movable Type	=5.1-rc1
Six Apart Movable Type	=5.02
Six Apart Movable Type	=5.03
Six Apart Movable Type	=5.04
Six Apart Movable Type	=5.05
Six Apart Movable Type	=5.06
Six Apart Movable Type	=5.07
Six Apart Movable Type	=5.11
Six Apart Movable Type	=5.12
Six Apart Movable Type	=5.031
Six Apart Movable Type	=5.051

Remedy

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

Remedy

http://www.movabletype.org/documentation/appendices/release-notes/513.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0320?
CVE-2012-0320 is considered a critical vulnerability that allows remote attackers to take control of sessions.
How do I fix CVE-2012-0320?
To fix CVE-2012-0320, upgrade Movable Type to versions 4.38, 5.07, or later.
What versions of Movable Type are affected by CVE-2012-0320?
Movable Type versions prior to 4.38, 5.0x before 5.07, and 5.1x before 5.13 are affected by CVE-2012-0320.
What type of vulnerability is CVE-2012-0320?
CVE-2012-0320 is a session management vulnerability related to the commenting feature and community script.
Can CVE-2012-0320 lead to data breaches?
Yes, CVE-2012-0320 can potentially lead to unauthorized access and control over user sessions, resulting in data breaches.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/severity
agent/references
agent/author
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sixapart
canonical/six apart movable type
version/six apart movable type/4.37
version/six apart movable type/4.28
version/six apart movable type/4.29
version/six apart movable type/4.36
version/six apart movable type/4.291
version/six apart movable type/4.292
version/six apart movable type/4.361
version/six apart movable type/5.0
version/six apart movable type/5.01
version/six apart movable type/5.1
version/six apart movable type/5.02
version/six apart movable type/5.04
version/six apart movable type/5.05
version/six apart movable type/5.06
version/six apart movable type/5.11
version/six apart movable type/5.12
version/six apart movable type/5.051
version/six apart movable type/4.0
version/six apart movable type/4.0-beta
version/six apart movable type/4.0-beta2
version/six apart movable type/4.0-beta3
version/six apart movable type/4.0-beta4
version/six apart movable type/4.0-beta5
version/six apart movable type/4.0-beta6
version/six apart movable type/4.0-beta7
version/six apart movable type/4.0-rc1
version/six apart movable type/4.0-rc2
version/six apart movable type/4.0-rc3
version/six apart movable type/4.1-beta
version/six apart movable type/4.1-beta2
version/six apart movable type/4.1-rc1
version/six apart movable type/4.2
version/six apart movable type/4.2-rc2
version/six apart movable type/4.2-rc4
version/six apart movable type/4.2-rc5
version/six apart movable type/4.12
version/six apart movable type/4.15-beta1
version/six apart movable type/4.15-beta3
version/six apart movable type/4.15-beta4
version/six apart movable type/4.22
version/six apart movable type/4.23
version/six apart movable type/4.24
version/six apart movable type/4.25
version/six apart movable type/4.26
version/six apart movable type/4.27
version/six apart movable type/4.35
version/six apart movable type/4.261
version/six apart movable type/5.0-beta1
version/six apart movable type/5.0-beta2
version/six apart movable type/5.0-beta3
version/six apart movable type/5.0-beta4
version/six apart movable type/5.0-rc1
version/six apart movable type/5.0-rc2
version/six apart movable type/5.0-rc3
version/six apart movable type/5.1-beta
version/six apart movable type/5.1-rc1
version/six apart movable type/5.03
version/six apart movable type/5.07
version/six apart movable type/5.031

CVE-2012-0320

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-0320?

How do I fix CVE-2012-0320?

What versions of Movable Type are affected by CVE-2012-0320?

What type of vulnerability is CVE-2012-0320?

Can CVE-2012-0320 lead to data breaches?

Company

Resources

Contact