CVE-2012-6329
Foswiki MAKETEXT - Remote Command Execution
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
La función _compile en Maketext.pm en la implementación de Locale::Maketext en Perl anteriores a v5.17.7 no gestionan de forma adecuada los slash cruzados (\) y lo nombres de métodos cualificados durante la compilación o notación de comillas, lo que permite a atacantes dependiendo del contexto a ejecutar comandos a través de entradas manipulados sobre una aplicación que acepta la traslación de cadenas desde usuarios, como se demostró por la aplicación TWiki anteriores a v5.1.3, y la aplicación Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-12-10 CVE Reserved
- 2012-12-15 CVE Published
- 2012-12-23 First Exploit
- 2024-08-04 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 | X_refsource_confirm | |
| http://code.activestate.com/lists/perl5-porters/187746 | Mailing List | |
| http://code.activestate.com/lists/perl5-porters/187763 | Mailing List | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
| http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | X_refsource_confirm | |
| http://openwall.com/lists/oss-security/2012/12/11/4 | Mailing List | |
| http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod | X_refsource_confirm | |
| http://sourceforge.net/mailarchive/message.php?msg_id=30219695 | Mailing List | |
| http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/56950 | Vdb Entry | |
| https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/23580 | 2012-12-23 | |
| https://www.exploit-db.com/exploits/23579 | 2012-12-23 |
| URL | Date | SRC |
|---|---|---|
| http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 | 2016-12-08 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0685.html | 2016-12-08 | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | 2016-12-08 | |
| http://www.ubuntu.com/usn/USN-2099-1 | 2016-12-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=884354 | 2013-03-26 | |
| https://access.redhat.com/security/cve/CVE-2012-6329 | 2013-03-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | <= 5.16.2 Search vendor "Perl" for product "Perl" and version " <= 5.16.2" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10 Search vendor "Perl" for product "Perl" and version "5.10" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.0 Search vendor "Perl" for product "Perl" and version "5.10.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.0 Search vendor "Perl" for product "Perl" and version "5.10.0" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.0 Search vendor "Perl" for product "Perl" and version "5.10.0" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.1 Search vendor "Perl" for product "Perl" and version "5.10.1" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.1 Search vendor "Perl" for product "Perl" and version "5.10.1" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.10.1 Search vendor "Perl" for product "Perl" and version "5.10.1" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.0 Search vendor "Perl" for product "Perl" and version "5.11.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.1 Search vendor "Perl" for product "Perl" and version "5.11.1" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.2 Search vendor "Perl" for product "Perl" and version "5.11.2" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.3 Search vendor "Perl" for product "Perl" and version "5.11.3" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.4 Search vendor "Perl" for product "Perl" and version "5.11.4" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.11.5 Search vendor "Perl" for product "Perl" and version "5.11.5" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc0 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc3 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc4 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.0 Search vendor "Perl" for product "Perl" and version "5.12.0" | rc5 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.1 Search vendor "Perl" for product "Perl" and version "5.12.1" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.1 Search vendor "Perl" for product "Perl" and version "5.12.1" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.1 Search vendor "Perl" for product "Perl" and version "5.12.1" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.2 Search vendor "Perl" for product "Perl" and version "5.12.2" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.2 Search vendor "Perl" for product "Perl" and version "5.12.2" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.3 Search vendor "Perl" for product "Perl" and version "5.12.3" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.3 Search vendor "Perl" for product "Perl" and version "5.12.3" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.3 Search vendor "Perl" for product "Perl" and version "5.12.3" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.12.3 Search vendor "Perl" for product "Perl" and version "5.12.3" | rc3 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.0 Search vendor "Perl" for product "Perl" and version "5.13.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.1 Search vendor "Perl" for product "Perl" and version "5.13.1" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.2 Search vendor "Perl" for product "Perl" and version "5.13.2" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.3 Search vendor "Perl" for product "Perl" and version "5.13.3" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.4 Search vendor "Perl" for product "Perl" and version "5.13.4" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.5 Search vendor "Perl" for product "Perl" and version "5.13.5" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.6 Search vendor "Perl" for product "Perl" and version "5.13.6" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.7 Search vendor "Perl" for product "Perl" and version "5.13.7" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.8 Search vendor "Perl" for product "Perl" and version "5.13.8" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.9 Search vendor "Perl" for product "Perl" and version "5.13.9" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.10 Search vendor "Perl" for product "Perl" and version "5.13.10" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.13.11 Search vendor "Perl" for product "Perl" and version "5.13.11" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.0 Search vendor "Perl" for product "Perl" and version "5.14.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.0 Search vendor "Perl" for product "Perl" and version "5.14.0" | rc1 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.0 Search vendor "Perl" for product "Perl" and version "5.14.0" | rc2 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.0 Search vendor "Perl" for product "Perl" and version "5.14.0" | rc3 |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.1 Search vendor "Perl" for product "Perl" and version "5.14.1" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.2 Search vendor "Perl" for product "Perl" and version "5.14.2" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.14.3 Search vendor "Perl" for product "Perl" and version "5.14.3" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.16.0 Search vendor "Perl" for product "Perl" and version "5.16.0" | - |
Affected
| ||||||
| Perl Search vendor "Perl" | Perl Search vendor "Perl" for product "Perl" | 5.16.1 Search vendor "Perl" for product "Perl" and version "5.16.1" | - |
Affected
| ||||||