Candidate: CVE-2012-1497
PublicDate: 2012-03-03 04:04:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1497
 http://www.movabletype.org/2012/02/movable_type_513_507_and_438_security_updates.html
Description:
 The default configuration of Movable Type before 4.38, 5.0x before 5.07,
 and 5.1x before 5.13 supports the "mt:Include file=" attribute, which
 allows remote authenticated users to conduct directory traversal attacks
 and read arbitrary files by leveraging the template-designer role.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_movabletype-opensource:
upstream_movabletype-opensource: released (4.3.8)
hardy_movabletype-opensource: DNE
lucid_movabletype-opensource: ignored (reached end-of-life)
maverick_movabletype-opensource: ignored (reached end-of-life)
natty_movabletype-opensource: ignored (reached end-of-life)
oneiric_movabletype-opensource: ignored (reached end-of-life)
precise_movabletype-opensource: ignored (reached end-of-life)
precise/esm_movabletype-opensource: DNE (precise was needed)
quantal_movabletype-opensource: not-affected (5.1.4+dfsg-1)
raring_movabletype-opensource: not-affected (5.1.4+dfsg-1)
saucy_movabletype-opensource: not-affected (5.1.4+dfsg-1)
trusty_movabletype-opensource: not-affected (5.1.4+dfsg-1)
trusty/esm_movabletype-opensource: DNE (trusty was not-affected [5.1.4+dfsg-1])
utopic_movabletype-opensource: not-affected (5.1.4+dfsg-1)
vivid_movabletype-opensource: DNE
vivid/stable-phone-overlay_movabletype-opensource: DNE
vivid/ubuntu-core_movabletype-opensource: DNE
wily_movabletype-opensource: DNE
xenial_movabletype-opensource: DNE
yakkety_movabletype-opensource: DNE
zesty_movabletype-opensource: DNE
devel_movabletype-opensource: DNE