Lucene search

[email protected]NVD:CVE-2012-6329

HistoryJan 04, 2013 - 9:55 p.m.

CVE-2012-6329

2013-01-0421:55:01

CWE-94

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.59 Medium

EPSS

Percentile

97.8%

JSON

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

Affected configurations

NVD

Node

perlperlRange≤5.16.2

perlperlMatch5.10

perlperlMatch5.10.0

perlperlMatch5.10.0rc1

perlperlMatch5.10.0rc2

perlperlMatch5.10.1

perlperlMatch5.10.1rc1

perlperlMatch5.10.1rc2

perlperlMatch5.11.0

perlperlMatch5.11.1

perlperlMatch5.11.2

perlperlMatch5.11.3

perlperlMatch5.11.4

perlperlMatch5.11.5

perlperlMatch5.12.0

perlperlMatch5.12.0rc0

perlperlMatch5.12.0rc1

perlperlMatch5.12.0rc2

perlperlMatch5.12.0rc3

perlperlMatch5.12.0rc4

perlperlMatch5.12.0rc5

perlperlMatch5.12.1

perlperlMatch5.12.1rc1

perlperlMatch5.12.1rc2

perlperlMatch5.12.2

perlperlMatch5.12.2rc1

perlperlMatch5.12.3

perlperlMatch5.12.3rc1

perlperlMatch5.12.3rc2

perlperlMatch5.12.3rc3

perlperlMatch5.13.0

perlperlMatch5.13.1

perlperlMatch5.13.2

perlperlMatch5.13.3

perlperlMatch5.13.4

perlperlMatch5.13.5

perlperlMatch5.13.6

perlperlMatch5.13.7

perlperlMatch5.13.8

perlperlMatch5.13.9

perlperlMatch5.13.10

perlperlMatch5.13.11

perlperlMatch5.14.0

perlperlMatch5.14.0rc1

perlperlMatch5.14.0rc2

perlperlMatch5.14.0rc3

perlperlMatch5.14.1

perlperlMatch5.14.2

perlperlMatch5.14.3

perlperlMatch5.16.0

perlperlMatch5.16.1

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224

code.activestate.com/lists/perl5-porters/187746/

code.activestate.com/lists/perl5-porters/187763/

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

openwall.com/lists/oss-security/2012/12/11/4

perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod

perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8

rhn.redhat.com/errata/RHSA-2013-0685.html

sourceforge.net/mailarchive/message.php?msg_id=30219695

twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329

www.mandriva.com/security/advisories?name=MDVSA-2013:113

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/56950

www.ubuntu.com/usn/USN-2099-1

bugzilla.redhat.com/show_bug.cgi?id=884354

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.59 Medium

EPSS

Percentile

97.8%

JSON

Related for NVD:CVE-2012-6329