HIGH · 7.5

CVE-2015-1592

Vulnerability Description

Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

CVSS Score

7.5 (HIGH)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor | Product | Versions
Debian | Debian Linux | 7.0
Sixapart | Movable Type | >= 5.2.0, < 5.2.12

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-1592?

CVE-2015-1592 is a vulnerability with a CVSS score of 7.5 (HIGH). Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and execute arbitrary local Perl files and possibly execute arbitrary code via unspecified vectors.

How severe is CVE-2015-1592?

CVE-2015-1592 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2015-1592?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Sixapart Movable Type.