cbcvebase.
CVE-2012-6330
published 2013-01-04

CVE-2012-6330: The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of…

PriorityP334medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
35.70%
98.3th percentile
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.

Affected

16 ranges
VendorProductVersion rangeFixed in
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
foswikifoswiki
twikitwiki<= 5.1.2
twikitwiki
twikitwiki

Detection & IOCsextracted from sources · hover to see the quote

cookieFOSWIKISID=([0-9a-f]*)
cookieFOSWIKISTRIKEONE=([0-9a-f]*)
path/bin/login
path/bin/edit
path/bin/save
  • For the DoS variant (CVE-2012-6330), detect HTTP requests containing a %MAKETEXT% macro with a large integer value, which causes memory exhaustion in the localization subsystem.
  • Exploitation success is confirmed by the response body containing the string 'HASH', indicating Perl eval output leakage from the MAKETEXT injection.
  • ·The RCE vector (CVE-2012-6329, referenced in the exploit) only affects Foswiki instances with UserInterfaceInternationalisation enabled; sites without this setting are not vulnerable to RCE but may still be vulnerable to the DoS (CVE-2012-6330).
  • ·The exploit can operate without authentication (anonymous access); absence of credentials does not prevent exploitation if the target page allows anonymous edits.
  • ·The exploit targets Foswiki 1.1.5 specifically as tested, but the vulnerability range covers TWiki before 5.1.3 and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.