Linux Distros Unpatched Vulnerability : CVE-2014-125112

🗓️ 30 Mar 2026 00:00:00Reported by TenableType

Linux host unpatched CVE-2014-125112 in Plack cookie middleware up to 0.21 enables code execution.

Reporter	Title	Published	Views	Family All 15
ATTACKERKB	CVE-2014-125112	26 Mar 202602:04	–	attackerkb
Circl	CVE-2014-125112	26 Mar 202603:36	–	circl
CNNVD	Plack::Middleware::Session::Cookie 安全漏洞	26 Mar 202600:00	–	cnnvd
CVE	CVE-2014-125112	26 Mar 202602:04	–	cve
Cvelist	CVE-2014-125112 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution	26 Mar 202602:04	–	cvelist
Debian CVE	CVE-2014-125112	26 Mar 202602:04	–	debiancve
EUVD	EUVD-2014-9820	26 Mar 202603:30	–	euvd
NVD	CVE-2014-125112	26 Mar 202603:16	–	nvd
OSV	DEBIAN-CVE-2014-125112	26 Mar 202603:16	–	osv
OSV	UBUNTU-CVE-2014-125112	26 Mar 202603:16	–	osv

Source	Link
ubuntu	www.ubuntu.com/security/CVE-2014-125112
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(304300);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/30");

  script_cve_id("CVE-2014-125112");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2014-125112");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.
    Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an
    attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is
    no secret used to sign the cookie. (CVE-2014-125112)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2014-125112");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-125112");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libplack-middleware-session-perl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-16.04", "Host/OS/Ubuntu Linux-18.04", "Host/OS/Ubuntu Linux-20.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libplack-middleware-session-perl"}
        ]
      }
    ]
  },
  "Ubuntu Linux-18.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "18.04",
        "pkgs": [
          {"reference": "libplack-middleware-session-perl"}
        ]
      }
    ]
  },
  "Ubuntu Linux-20.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "20.04",
        "pkgs": [
          {"reference": "libplack-middleware-session-perl"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

30 Mar 2026 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.19.8

EPSS0.00135

SSVC