Movable Type mt-comments.cgi Arbitrary External Site Redirection

2005-09-22T12:24:59
ID OSVDB:19604
Type osvdb
Reporter Tim Brown
Modified 2005-09-22T12:24:59

Description

Vulnerability Description

Movable Type contains a flaw that may allow a malicious user to redirect users to an external URL. The issue is triggered when a user adds comments through the "mt-comments.cgi" script. The flaw may allow a user to be tricked into visiting a malicious website, resulting in a loss of integrity.

Solution Description

Upgrade to version 3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.sixapart.com/movabletype/
Secunia Advisory ID: 16899
Related OSVDB ID: 19601
Related OSVDB ID: 19603
Related OSVDB ID: 19602
CVE-2005-3104