Lucene search

[email protected]NVD:CVE-2009-2481

HistoryJul 16, 2009 - 4:30 p.m.

CVE-2009-2481

2009-07-1616:30:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

mt-wizard.cgi in Six Apart Movable Type before 4.261, when global templates are not initialized, allows remote attackers to bypass access restrictions and (1) send e-mail to arbitrary addresses or (2) obtain sensitive information via unspecified vectors.

Affected configurations

Nvd

Node

six_apartmovable_typeMatch1.54enterprise

six_apartmovable_typeMatch2.6

six_apartmovable_typeMatch2.63

six_apartmovable_typeMatch3.3

six_apartmovable_typeMatch3.16

six_apartmovable_typeMatch3.17

six_apartmovable_typeMatch3.32

six_apartmovable_typeMatch3.33

six_apartmovable_typeMatch3.36enterprise

six_apartmovable_typeMatch4.20

six_apartmovable_typeMatch4.20community_solution

six_apartmovable_typeMatch4.20enterprise

six_apartmovable_typeMatch4.20open_source

six_apartmovable_typeMatch4.25

sixapartmovable_typeRange≤4.26

sixapartmovable_typeMatch1.00enterprise

sixapartmovable_typeMatch1.1enterprise

sixapartmovable_typeMatch1.2enterprise

sixapartmovable_typeMatch1.3enterprise

sixapartmovable_typeMatch1.4enterprise

sixapartmovable_typeMatch1.5enterprise

sixapartmovable_typeMatch1.31enterprise

sixapartmovable_typeMatch3.0d

sixapartmovable_typeMatch3.1

sixapartmovable_typeMatch3.01d

sixapartmovable_typeMatch3.2

sixapartmovable_typeMatch3.3

sixapartmovable_typeMatch3.11

sixapartmovable_typeMatch3.12

sixapartmovable_typeMatch3.14

sixapartmovable_typeMatch3.15

sixapartmovable_typeMatch3.16

sixapartmovable_typeMatch3.17

sixapartmovable_typeMatch3.32

sixapartmovable_typeMatch3.33

sixapartmovable_typeMatch3.34

sixapartmovable_typeMatch3.35

sixapartmovable_typeMatch4.0-community_solution

sixapartmovable_typeMatch4.0-pro

sixapartmovable_typeMatch4.01-community_solution

sixapartmovable_typeMatch4.1-community_solution

sixapartmovable_typeMatch4.1-pro

sixapartmovable_typeMatch4.01-pro

sixapartmovable_typeMatch4.01bcommunity_solution

sixapartmovable_typeMatch4.01bpro

sixapartmovable_typeMatch4.2

sixapartmovable_typeMatch4.2-community_solution

sixapartmovable_typeMatch4.2-pro

sixapartmovable_typeMatch4.12-community_solution

sixapartmovable_typeMatch4.12-pro

sixapartmovable_typeMatch4.21

sixapartmovable_typeMatch4.21-community_solution

sixapartmovable_typeMatch4.21-pro

sixapartmovable_typeMatch4.23

sixapartmovable_typeMatch4.23-community_solution

sixapartmovable_typeMatch4.23-pro

sixapartmovable_typeMatch4.25

VendorProductVersionCPE
six_apartmovable_type1.54cpe:2.3:a:six_apart:movable_type:1.54:*:enterprise:*:*:*:*:*
six_apartmovable_type2.6cpe:2.3:a:six_apart:movable_type:2.6:*:*:*:*:*:*:*
six_apartmovable_type2.63cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*
six_apartmovable_type3.3cpe:2.3:a:six_apart:movable_type:3.3:*:*:*:*:*:*:*
six_apartmovable_type3.16cpe:2.3:a:six_apart:movable_type:3.16:*:*:*:*:*:*:*
six_apartmovable_type3.17cpe:2.3:a:six_apart:movable_type:3.17:*:*:*:*:*:*:*
six_apartmovable_type3.32cpe:2.3:a:six_apart:movable_type:3.32:*:*:*:*:*:*:*
six_apartmovable_type3.33cpe:2.3:a:six_apart:movable_type:3.33:*:*:*:*:*:*:*
six_apartmovable_type3.36cpe:2.3:a:six_apart:movable_type:3.36:*:enterprise:*:*:*:*:*
six_apartmovable_type4.20cpe:2.3:a:six_apart:movable_type:4.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
six_apart	movable_type	1.54	cpe:2.3:a:six_apart:movable_type:1.54::enterprise:::::
six_apart	movable_type	2.6	cpe:2.3:a:six_apart:movable_type:2.6:::::::*
six_apart	movable_type	2.63	cpe:2.3:a:six_apart:movable_type:2.63:::::::*
six_apart	movable_type	3.3	cpe:2.3:a:six_apart:movable_type:3.3:::::::*
six_apart	movable_type	3.16	cpe:2.3:a:six_apart:movable_type:3.16:::::::*
six_apart	movable_type	3.17	cpe:2.3:a:six_apart:movable_type:3.17:::::::*
six_apart	movable_type	3.32	cpe:2.3:a:six_apart:movable_type:3.32:::::::*
six_apart	movable_type	3.33	cpe:2.3:a:six_apart:movable_type:3.33:::::::*
six_apart	movable_type	3.36	cpe:2.3:a:six_apart:movable_type:3.36::enterprise:::::
six_apart	movable_type	4.20	cpe:2.3:a:six_apart:movable_type:4.20:::::::*

Rows per page:

1-10 of 571

References

jvn.jp/en/jp/JVN08369659/index.html

jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000043.html

secunia.com/advisories/35534

www.securityfocus.com/bid/35471

www.vupen.com/english/advisories/2009/1668

exchange.xforce.ibmcloud.com/vulnerabilities/51330

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Related for NVD:CVE-2009-2481

jvn1 cvelist1 prion1 cve1