CVE-2012-0317
Published: 3 March 2012
Multiple cross-site request forgery (CSRF) vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the (1) commenting feature or (2) community script.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
movabletype-opensource Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| maverick |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Not vulnerable
(5.1.4+dfsg-1)
|
|
| raring |
Not vulnerable
(5.1.4+dfsg-1)
|
|
| saucy |
Not vulnerable
(5.1.4+dfsg-1)
|
|
| trusty |
Does not exist
(trusty was not-affected [5.1.4+dfsg-1])
|
|
| upstream |
Released
(4.3.8)
|
|
| utopic |
Not vulnerable
(5.1.4+dfsg-1)
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|