CVE-2012-6329
Foswiki MAKETEXT - Remote Command Execution
Public Exploits: 2
Exploited in Wild: -
Descriptions
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Timeline
- 2012-12-10 CVE Reserved
- 2012-12-15 CVE Published
- 2012-12-23 First Exploit
- 2024-08-04 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (20)
URL | Tag | Source |
---|---|---|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 | X_refsource_confirm | |
http://code.activestate.com/lists/perl5-porters/187746 | Mailing List | |
http://code.activestate.com/lists/perl5-porters/187763 | Mailing List | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | X_refsource_confirm | |
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | X_refsource_confirm | |
http://openwall.com/lists/oss-security/2012/12/11/4 | Mailing List | |
http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod | X_refsource_confirm | |
http://sourceforge.net/mailarchive/message.php?msg_id=30219695 | Mailing List | |
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/56950 | Vdb Entry | |
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/23580 | 2012-12-23 | |
https://www.exploit-db.com/exploits/23579 | 2012-12-23 | |

URL | Date | SRC |
---|---|---|
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 | 2016-12-08 | |

URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0685.html | 2016-12-08 | |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | 2016-12-08 | |
http://www.ubuntu.com/usn/USN-2099-1 | 2016-12-08 | |
https://bugzilla.redhat.com/show_bug.cgi?id=884354 | 2013-03-26 | |
https://access.redhat.com/security/cve/CVE-2012-6329 | 2013-03-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Perl | Perl | <= 5.16.2 | - | Affected |
Perl | Perl | 5.10 | - | Affected |
Perl | Perl | 5.10.0 | - | Affected |
Perl | Perl | 5.10.0 | rc1 | Affected |
Perl | Perl | 5.10.0 | rc2 | Affected |
Perl | Perl | 5.10.1 | - | Affected |
Perl | Perl | 5.10.1 | rc1 | Affected |
Perl | Perl | 5.10.1 | rc2 | Affected |
Perl | Perl | 5.11.0 | - | Affected |
Perl | Perl | 5.11.1 | - | Affected |
Perl | Perl | 5.11.2 | - | Affected |
Perl | Perl | 5.11.3 | - | Affected |
Perl | Perl | 5.11.4 | - | Affected |
Perl | Perl | 5.11.5 | - | Affected |
Perl | Perl | 5.12.0 | - | Affected |
Perl | Perl | 5.12.0 | rc0 | Affected |
Perl | Perl | 5.12.0 | rc1 | Affected |
Perl | Perl | 5.12.0 | rc2 | Affected |
Perl | Perl | 5.12.0 | rc3 | Affected |
Perl | Perl | 5.12.0 | rc4 | Affected |
Perl | Perl | 5.12.0 | rc5 | Affected |
Perl | Perl | 5.12.1 | - | Affected |
Perl | Perl | 5.12.1 | rc1 | Affected |
Perl | Perl | 5.12.1 | rc2 | Affected |
Perl | Perl | 5.12.2 | - | Affected |
Perl | Perl | 5.12.2 | rc1 | Affected |
Perl | Perl | 5.12.3 | - | Affected |
Perl | Perl | 5.12.3 | rc1 | Affected |
Perl | Perl | 5.12.3 | rc2 | Affected |
Perl | Perl | 5.12.3 | rc3 | Affected |
Perl | Perl | 5.13.0 | - | Affected |
Perl | Perl | 5.13.1 | - | Affected |
Perl | Perl | 5.13.2 | - | Affected |
Perl | Perl | 5.13.3 | - | Affected |
Perl | Perl | 5.13.4 | - | Affected |
Perl | Perl | 5.13.5 | - | Affected |
Perl | Perl | 5.13.6 | - | Affected |
Perl | Perl | 5.13.7 | - | Affected |
Perl | Perl | 5.13.8 | - | Affected |
Perl | Perl | 5.13.9 | - | Affected |
Perl | Perl | 5.13.10 | - | Affected |
Perl | Perl | 5.13.11 | - | Affected |
Perl | Perl | 5.14.0 | - | Affected |
Perl | Perl | 5.14.0 | rc1 | Affected |
Perl | Perl | 5.14.0 | rc2 | Affected |
Perl | Perl | 5.14.0 | rc3 | Affected |
Perl | Perl | 5.14.1 | - | Affected |
Perl | Perl | 5.14.2 | - | Affected |
Perl | Perl | 5.14.3 | - | Affected |
Perl | Perl | 5.16.0 | - | Affected |
Perl | Perl | 5.16.1 | - | Affected |