CVE-2012-6141

Published Jun 4, 2014

Last updated 7 years ago

CVSS info 7.5

Overview

Description: The App::Context module 0.01 through 0.968 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request to (1) App::Session::Cookie or (2) App::Session::HTMLHidden, which is not properly handled when it is deserialized.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.01:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BB8751-2F73-4C70-A4E4-0A356AC6E815"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.93:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E408E0A-C798-49A3-845D-4AC2408E9380"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.95:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82D8427C-4571-4505-A429-5AC6862EBBAE"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.96:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B9AE669-B3F6-4094-959D-CFA3827C0907"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.961:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C020AECE-9B57-48AB-AD7B-FA3AD559BDF9"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.962:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC852524-384C-45F2-B56C-49DE6597DC34"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.963:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DBA2478-5B69-4033-B4DC-FABB406F3260"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.964:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02B9D070-C566-4A3C-8F37-DA2432AF5DE1"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.965:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AF88335-799B-4D3C-BA15-BF6FEAE84EE1"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.966:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9AE0C20-B31B-44A6-B51A-280C07A17F09"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.967:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1C531CD-3C76-451E-AA7C-63B430947998"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.968:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33160E79-509A-4EDB-A830-D3646C12CD3D"
          },
          {
            "criteria": "cpe:2.3:a:stephen_adkins:app\\:\\:context:0.9661:*:*:*:*:perl:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F417A4C6-EC81-44CF-A5D4-C5C9EA043493"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References