What is the severity of CVE-2012-1497?

CVE-2012-1497 has a medium severity rating due to its potential for directory traversal attacks allowing unauthorized access to files.

How do I fix CVE-2012-1497?

To fix CVE-2012-1497, upgrade Movable Type to version 4.38, 5.07, or 5.13 or later.

What versions are affected by CVE-2012-1497?

CVE-2012-1497 affects Movable Type versions prior to 4.38, 5.0x before 5.07, and 5.1x before 5.13.

What is the attack vector for CVE-2012-1497?

The attack vector for CVE-2012-1497 involves remote authenticated users exploiting the "mt:Include file=" attribute for directory traversal.

Can CVE-2012-1497 lead to data exposure?

Yes, CVE-2012-1497 can lead to unauthorized file access and potentially expose sensitive data.

Vulnerability/
CVE-2012-1497

medium

CWE

3/3/2012

18/1/2018

CVE-2012-1497: Path Traversal

First published: Sat Mar 03 2012(Updated: )

The default configuration of Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 supports the "mt:Include file=" attribute, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files by leveraging the template-designer role.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Movable Type Open Source	<=4.37
Movable Type Open Source	=4.0
Movable Type Open Source	=4.0-beta
Movable Type Open Source	=4.1
Movable Type Open Source	=4.1-beta
Movable Type Open Source	=4.01-beta
Movable Type Open Source	=4.2
Movable Type Open Source	=4.2-beta
Movable Type Open Source	=4.3
Movable Type Open Source	=4.23
Movable Type Open Source	=4.25
Movable Type Open Source	=4.26
Movable Type Open Source	=4.31
Movable Type Open Source	=4.32
Movable Type Open Source	=4.33
Movable Type Open Source	=4.34
Movable Type Open Source	=4.35
Movable Type Open Source	=4.36
Movable Type Open Source	=4.261
Movable Type Open Source	=4.361
Movable Type Open Source	=5.1
Movable Type Open Source	=5.02
Movable Type Open Source	=5.03
Movable Type Open Source	=5.04
Movable Type Open Source	=5.05
Movable Type Open Source	=5.06
Movable Type Open Source	=5.11
Movable Type Open Source	=5.12
Movable Type Open Source	=5.031
Movable Type Open Source	=5.051
Movable Type	<=4.37
Movable Type	=4.0
Movable Type	=4.0-beta
Movable Type	=4.1
Movable Type	=4.01-beta
Movable Type	=4.1-beta
Movable Type	=4.2
Movable Type	=4.2-beta
Movable Type	=4.3
Movable Type	=4.23
Movable Type	=4.25
Movable Type	=4.26
Movable Type	=4.31
Movable Type	=4.32
Movable Type	=4.33
Movable Type	=4.34
Movable Type	=4.35
Movable Type	=4.36
Movable Type	=4.261
Movable Type	=4.361
Movable Type	=5.1
Movable Type	=5.02
Movable Type	=5.03
Movable Type	=5.04
Movable Type	=5.05
Movable Type	=5.06
Movable Type	=5.11
Movable Type	=5.12
Movable Type	=5.031
Movable Type	=5.051
Movable Type	<=4.37
Movable Type	=4.0
Movable Type	=4.0-beta
Movable Type	=4.1
Movable Type	=4.01-beta
Movable Type	=4.1-beta
Movable Type	=4.2
Movable Type	=4.2-beta
Movable Type	=4.3
Movable Type	=4.23
Movable Type	=4.25
Movable Type	=4.26
Movable Type	=4.31
Movable Type	=4.32
Movable Type	=4.33
Movable Type	=4.34
Movable Type	=4.35
Movable Type	=4.36
Movable Type	=4.261
Movable Type	=4.361
Movable Type	=5.1
Movable Type	=5.02
Movable Type	=5.03
Movable Type	=5.04
Movable Type	=5.05
Movable Type	=5.06
Movable Type	=5.11
Movable Type	=5.12
Movable Type	=5.031
Movable Type	=5.051
Movable Type	<=4.37
Movable Type	=4.0
Movable Type	=4.0-beta
Movable Type	=4.1
Movable Type	=4.1-beta
Movable Type	=4.01-beta
Movable Type	=4.2
Movable Type	=4.2-beta
Movable Type	=4.3
Movable Type	=4.23
Movable Type	=4.25
Movable Type	=4.26
Movable Type	=4.31
Movable Type	=4.32
Movable Type	=4.33
Movable Type	=4.34
Movable Type	=4.35
Movable Type	=4.36
Movable Type	=4.261
Movable Type	=4.361
Movable Type	=5.1
Movable Type	=5.02
Movable Type	=5.03
Movable Type	=5.04
Movable Type	=5.05
Movable Type	=5.06
Movable Type	=5.11
Movable Type	=5.12
Movable Type	=5.031
Movable Type	=5.051

Remedy

http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html

Remedy

http://www.movabletype.org/documentation/appendices/release-notes/513.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1497?
CVE-2012-1497 has a medium severity rating due to its potential for directory traversal attacks allowing unauthorized access to files.
How do I fix CVE-2012-1497?
To fix CVE-2012-1497, upgrade Movable Type to version 4.38, 5.07, or 5.13 or later.
What versions are affected by CVE-2012-1497?
CVE-2012-1497 affects Movable Type versions prior to 4.38, 5.0x before 5.07, and 5.1x before 5.13.
What is the attack vector for CVE-2012-1497?
The attack vector for CVE-2012-1497 involves remote authenticated users exploiting the "mt:Include file=" attribute for directory traversal.
Can CVE-2012-1497 lead to data exposure?
Yes, CVE-2012-1497 can lead to unauthorized file access and potentially expose sensitive data.

agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/severity
agent/references
agent/remedy
agent/author
agent/softwarecombine
agent/description
agent/event
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/movabletype
canonical/movable type open source
version/movable type open source/4.37
version/movable type open source/4.0
version/movable type open source/4.0-beta
version/movable type open source/4.1
version/movable type open source/4.1-beta
version/movable type open source/4.01-beta
version/movable type open source/4.2
version/movable type open source/4.2-beta
version/movable type open source/4.3
version/movable type open source/4.23
version/movable type open source/4.25
version/movable type open source/4.26
version/movable type open source/4.31
version/movable type open source/4.32
version/movable type open source/4.33
version/movable type open source/4.34
version/movable type open source/4.35
version/movable type open source/4.36
version/movable type open source/4.261
version/movable type open source/4.361
version/movable type open source/5.1
version/movable type open source/5.02
version/movable type open source/5.03
version/movable type open source/5.04
version/movable type open source/5.05
version/movable type open source/5.06
version/movable type open source/5.11
version/movable type open source/5.12
version/movable type open source/5.031
version/movable type open source/5.051
canonical/movable type
version/movable type/4.37
version/movable type/4.0
version/movable type/4.0-beta
version/movable type/4.1
version/movable type/4.01-beta
version/movable type/4.1-beta
version/movable type/4.2
version/movable type/4.2-beta
version/movable type/4.3
version/movable type/4.23
version/movable type/4.25
version/movable type/4.26
version/movable type/4.31
version/movable type/4.32
version/movable type/4.33
version/movable type/4.34
version/movable type/4.35
version/movable type/4.36
version/movable type/4.261
version/movable type/4.361
version/movable type/5.1
version/movable type/5.02
version/movable type/5.03
version/movable type/5.04
version/movable type/5.05
version/movable type/5.06
version/movable type/5.11
version/movable type/5.12
version/movable type/5.031
version/movable type/5.051

CVE-2012-1497: Path Traversal

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1497?

How do I fix CVE-2012-1497?

What versions are affected by CVE-2012-1497?

What is the attack vector for CVE-2012-1497?

Can CVE-2012-1497 lead to data exposure?

Company

Resources

Contact