PT-2014-2375 · Perl · Html::Ep+2

John Lightsey

Published

2014-06-04

Updated

2017-08-29

CVE-2012-6142

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions HTML::EP module versions 0.2011

Description The issue arises from the improper use of the Storable::thaw function in the Session::Cookie component of the HTML::EP module for Perl. This allows remote attackers to execute arbitrary code via a crafted request that is not properly handled when deserialized.

Recommendations For HTML::EP module version 0.2011, consider disabling the use of the Session::Cookie component until a patch is available. Restrict access to the Storable::thaw function to minimize the risk of exploitation. Avoid using the Session::Cookie component in the HTML::EP module until the issue is resolved.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2012-6142

Affected Products

Html::Ep

Cookie-Session

Storable

PT-2014-2375 · Perl · Html::Ep+2

CVE-2012-6142

Weakness Enumeration

Related Identifiers

Affected Products

References · 4