Movable.Type.Web.Upgrade.Remote.Code.Execution
Description
This indicates an attack attempt against a remote Code Injection vulnerability in Movable Type.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTTP request with a crafted URI. It allows a remote attacker to execute arbitrary code via sending a crafted URI to a vulnerable application.
Affected Products
Movable Type Movable Type 4.37
Movable Type Movable Type 4.361
Movable Type Movable Type 4.36
Movable Type Movable Type 4.35
Movable Type Movable Type 4.34
Movable Type Movable Type 4.27
Movable Type Movable Type 4.261
Movable Type Movable Type 4.26
Movable Type Movable Type 4.25
Movable Type Movable Type 4.24
Movable Type Movable Type 4.23
Movable Type Movable Type 4.22
Movable Type Movable Type 4.21
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch available from the vendor's website.
http://www.movabletype.com/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |