cnvd - cnvd-2019-41656

CNVD-2019-41656

Vulnerability from cnvd - Published: 2019-11-21

Title

Six Apart Movable Type打开重定向漏洞

Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Six Apart MT中存在打开重定向漏洞，攻击者可利用该漏洞将用户重定向到任意网站。

Severity

低

Patch Name

Six Apart Movable Type打开重定向漏洞的补丁

Patch Description

Six Apart Movable Type（MT）是美国Six Apart公司的一套博客系统。该系统包括多用户、评论、引用和主题等功能。 Six Apart MT中存在打开重定向漏洞，攻击者可利用该漏洞将用户重定向到任意网站。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html

Reference

https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html

Impacted products

Name
['Six Apart Movable Type <=7 r.4602 (7.1.3)', 'Six Apart Movable Type 6.5.0', 'Six Apart Movable Type 6.5.1', 'Six Apart Movable Type <=6.3.9', 'Six Apart Movable Type Advanced <=7 r.4602', 'Six Apart Movable Type Advanced 6.5.0', 'Six Apart Movable Type Advanced 6.5.1', 'Six Apart Movable Type Advanced <=6.3.9', 'Six Apart Movable Type Premium <=1.24', 'Six Apart Movable Type Premium (Advanced Edition) <=1.24']

Name

['Six Apart Movable Type <=7 r.4602 (7.1.3)', 'Six Apart Movable Type 6.5.0', 'Six Apart Movable Type 6.5.1', 'Six Apart Movable Type <=6.3.9', 'Six Apart Movable Type Advanced <=7 r.4602', 'Six Apart Movable Type Advanced 6.5.0', 'Six Apart Movable Type Advanced 6.5.1', 'Six Apart Movable Type Advanced <=6.3.9', 'Six Apart Movable Type Premium <=1.24', 'Six Apart Movable Type Premium (Advanced Edition) <=1.24']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6025",
      "cveUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6025"
    }
  },
  "description": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u591a\u7528\u6237\u3001\u8bc4\u8bba\u3001\u5f15\u7528\u548c\u4e3b\u9898\u7b49\u529f\u80fd\u3002\n\nSix Apart MT\u4e2d\u5b58\u5728\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41656",
  "openTime": "2019-11-21",
  "patchDescription": "Six Apart Movable Type\uff08MT\uff09\u662f\u7f8e\u56fdSix Apart\u516c\u53f8\u7684\u4e00\u5957\u535a\u5ba2\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u5305\u62ec\u591a\u7528\u6237\u3001\u8bc4\u8bba\u3001\u5f15\u7528\u548c\u4e3b\u9898\u7b49\u529f\u80fd\u3002\r\n\r\nSix Apart MT\u4e2d\u5b58\u5728\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u4efb\u610f\u7f51\u7ad9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Six Apart Movable Type\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Six Apart Movable Type \u003c=7 r.4602 (7.1.3)",
      "Six Apart Movable Type 6.5.0",
      "Six Apart Movable Type 6.5.1",
      "Six Apart Movable Type \u003c=6.3.9",
      "Six Apart Movable Type Advanced \u003c=7 r.4602",
      "Six Apart Movable Type Advanced 6.5.0",
      "Six Apart Movable Type Advanced 6.5.1",
      "Six Apart Movable Type Advanced \u003c=6.3.9",
      "Six Apart Movable Type Premium \u003c=1.24",
      "Six Apart Movable Type Premium (Advanced Edition) \u003c=1.24"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-000069.html",
  "serverity": "\u4f4e",
  "submitTime": "2019-11-13",
  "title": "Six Apart Movable Type\u6253\u5f00\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

CVE-2019-6025 (GCVE-0-2019-6025)

Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:16

Summary

Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Severity ?

No CVSS data available.

CWE

Open Redirect

Assigner

jpcert

References

URL

Tags

	https://movabletype.org/news/2019/11/movable_type…	x_refsource_MISC
	http://jvn.jp/en/jp/JVN65280626/index.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Six Apart Ltd	Movable Type series	Affected: Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.131Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Movable Type series",
          "vendor": "Six Apart Ltd",
          "versions": [
            {
              "status": "affected",
              "version": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Open Redirect",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-26T15:16:50",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2019-6025",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Movable Type series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Six Apart Ltd"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Open Redirect"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html",
              "refsource": "MISC",
              "url": "https://movabletype.org/news/2019/11/movable_type_r4603_v714_v652_and_v6310_released.html"
            },
            {
              "name": "http://jvn.jp/en/jp/JVN65280626/index.html",
              "refsource": "MISC",
              "url": "http://jvn.jp/en/jp/JVN65280626/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2019-6025",
    "datePublished": "2019-12-26T15:16:50",
    "dateReserved": "2019-01-10T00:00:00",
    "dateUpdated": "2024-08-04T20:16:23.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-41656

CVE-2019-6025 (GCVE-0-2019-6025)

Tags

Sightings

Nomenclature