Movable Type Ships 'Mandatory' Security Update

 
 
By Ryan Naraine  |  Posted 2008-01-17 Print this article Print
 
 
 
 
 
 
 

Movable Type Ships 'Mandatory' Security Update Blogging software provider Six Apart has released a mandatory security update for its flagship Movable Type product, warning that unpatched installations are vulnerable to data leakage.

According to an alert from the company, there are certain circumstances in which a vulnerable MT blog template may be rendered dynamically via CGI in an otherwise static publishing context.

If you use Movable Type to publish PHP files (or JSP or ASP pages) and have embedded within your Movable Type templates sensitive information (such as database connection information), then that sensitive information could potentially be exposed and viewed publicly.

All versions of Movable Type released since 3.2 (inclusive) are affected by this vulnerability.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel