CVE-2013-2184
Published: 27 March 2015
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
Priority
Status
Package | Release | Status |
---|---|---|
movabletype-opensource Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [5.2.9+dfsg-1])
|
|
upstream |
Released
(5.2.6)
|
|
utopic |
Not vulnerable
(5.2.9+dfsg-1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2184
- http://www.openwall.com/lists/oss-security/2013/06/14/1
- http://perl5.git.perl.org/perl.git/commit/664f237a84176c09b20b62dbfe64dd736a7ce05e
- http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
- NVD
- Launchpad
- Debian