发布日期:2012-02-23 更新日期:2012-02-29受影响系统: Movable Type Movable Type 5.12 Movable Type Movable Type 5.11 Movable Type Movable Type 5.06 Movable Type Movable Type 5.051 Movable Type Movable Type 5.05 Movable Type Movable Type 5.04 Movable Type Movable Type 5.03 Movable Type Movable Type 5.02 Movable Type Movable Type 5.01 Movable Type Movable Type 5.0 Movable Type Movable Type 4.37 Movable Type Movable Type 4.361 Movable Type Movable Type 4.36 Movable Type Movable Type 4.35 Movable Type Movable Type 4.34 Movable Type Movable Type 4.27 Movable Type Movable Type 4.261 Movable Type Movable Type 4.26 Movable Type Movable Type 4.25 Movable Type Movable Type 4.24 Movable Type Movable Type 4.23 Movable Type Movable Type 4.22 Movable Type Movable Type 4.21 Movable Type Movable Type 4.13 Movable Type Movable Type 4.01 Movable Type Movable Type 4 不受影响系统: Movable Type Movable Type 5.13 Movable Type Movable Type 5.07 Movable Type Movable Type 4.38 描述: -------------------------------------------------------------------------------- BUGTRAQ ID: 52138 CVE ID: CVE-2012-0317,CVE-2012-0318,CVE-2012-0319,CVE-2012-0320,CVE-2012-1262Movable Type是一个专业的发布平台。Movable Type在实现上存在多个跨站脚本执行漏洞、跨站请求伪造漏洞、会话劫持漏洞、远程命令执行漏洞,攻击者可利用这些漏洞在受影响站点的用户浏览器中执行任意脚本代码和命令,窃取身份验证凭证、泄露敏感信息。<*来源:Trustwave
链接:https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt http://www.movabletype.org/documentation/appendices/release-notes/513.html *>建议: -------------------------------------------------------------------------------- 厂商补丁:Movable Type ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:http://www.movabletype.org/NetDecision HTTP Server栈缓冲区溢出漏洞Sysax Multi Server "username"字段缓冲区溢出漏洞相关资讯 Movable Type 本文评论 查看全部评论 (0)
易网时代-编程资源站