Detections
Analytics
Movable Type < 3.2 Multiple Vulnerabilities
medium Nessus Plugin ID 19776
Language:
Synopsis
The remote web server contains a CGI application that is affected by multiple vulnerabilities.Description
The version of Movable Type installed on the remote host is affected by multiple vulnerabilities :- The application allows an attacker to enumerate valid usernames because its password reset functionality returns different errors depending on whether the supplied username exists. (CVE-2005-3101)
- The application allows privileged users to upload files with arbitrary extensions, possibly outside the web server's document directory. (CVE-2005-3102)
- The application is affected by a cross-site scripting vulnerability because it fails to properly sanitize certain fields when creating new blog entries.
(CVE-2005-3103)
- The mt-comments.cgi script allows attackers to redirect users to other sites via URLs in comments.
(CVE-2005-3104)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Movable Type 3.2 or later and grant only trusted users the ability to upload files via the administrative interface.See Also
Plugin Details
Severity: Medium
ID: 19776
File Name: movabletype_320.nasl
Version: 1.25
Type: remote
Family: CGI abuses
Published: 9/23/2005
Updated: 4/11/2022
Configuration: Enable paranoid mode, Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:sixapart:movable_type
Required KB Items: Settings/ParanoidReport, www/movabletype
Exploit Available: true
Exploit Ease: No exploit is required
Vulnerability Publication Date: 9/22/2005
Reference Information
CVE: CVE-2005-3101, CVE-2005-3102, CVE-2005-3103, CVE-2005-3104