Search for vulnerabilities
Vulnerability details: VCID-h477-94bs-aaaj
Vulnerability ID VCID-h477-94bs-aaaj
Aliases CVE-2012-6329
Summary The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2013:0685
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.58020 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.66706 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.75483 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
epss 0.81996 https://api.first.org/data/v1/epss?cve=CVE-2012-6329
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2012-6329
Reference id Reference type URL
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
http://code.activestate.com/lists/perl5-porters/187746/
http://code.activestate.com/lists/perl5-porters/187763/
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://openwall.com/lists/oss-security/2012/12/11/4
http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
http://rhn.redhat.com/errata/RHSA-2013-0685.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6329.json
https://api.first.org/data/v1/epss?cve=CVE-2012-6329
https://bugzilla.redhat.com/show_bug.cgi?id=884354
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329
http://sourceforge.net/mailarchive/message.php?msg_id=30219695
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/56950
http://www.ubuntu.com/usn/USN-2099-1
509864 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509864
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*
CVE-2012-6329 https://nvd.nist.gov/vuln/detail/CVE-2012-6329
CVE-2012-6329;OSVDB-88460;OSVDB-88272 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/unix/remote/23579.rb
GLSA-201410-02 https://security.gentoo.org/glsa/201410-02
RHSA-2013:0685 https://access.redhat.com/errata/RHSA-2013:0685
USN-2099-1 https://usn.ubuntu.com/2099-1/
Data source Exploit-DB
Date added Dec. 23, 2012
Description TWiki MAKETEXT - Remote Command Execution (Metasploit)
Ransomware campaign use Known
Source publication date Dec. 23, 2012
Exploit type remote
Platform unix
Source update date Dec. 23, 2012
Data source Metasploit
Description This module exploits a vulnerability in the MAKETEXT Twiki variable. By using a specially crafted MAKETEXT, a malicious user can execute shell commands since user input is passed to the Perl "eval" command without first being sanitized. The problem is caused by an underlying security issue in the CPAN:Locale::Maketext module. This works in TWiki sites that have user interface localization enabled (UserInterfaceInternationalisation variable set). If USERNAME and PASSWORD aren't provided, anonymous access will be tried. Also, if the 'TwikiPage' option isn't provided, the module will try to create a random page on the SandBox space. The module has been tested successfully on TWiki 5.1.2 as distributed with the official TWiki-VM-5.1.2-1 virtual machine.
Note 
{}
Ransomware campaign use Unknown
Source publication date Dec. 15, 2012
Platform Unix
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/unix/webapp/twiki_maketext.rb
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2012-6329
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.97808
EPSS Score 0.58020
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.