CVE-2012-6330
published 2013-01-04CVE-2012-6330: The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of…
PriorityP334medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
35.70%
98.3th percentile
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| foswiki | foswiki | — | — |
| twiki | twiki | <= 5.1.2 | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →For the DoS variant (CVE-2012-6330), detect HTTP requests containing a %MAKETEXT% macro with a large integer value, which causes memory exhaustion in the localization subsystem. ↗
- →Exploitation success is confirmed by the response body containing the string 'HASH', indicating Perl eval output leakage from the MAKETEXT injection. ↗
- ·The RCE vector (CVE-2012-6329, referenced in the exploit) only affects Foswiki instances with UserInterfaceInternationalisation enabled; sites without this setting are not vulnerable to RCE but may still be vulnerable to the DoS (CVE-2012-6330). ↗
- ·The exploit can operate without authentication (anonymous access); absence of credentials does not prevent exploitation if the target page allows anonymous edits. ↗
- ·The exploit targets Foswiki 1.1.5 specifically as tested, but the vulnerability range covers TWiki before 5.1.3 and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://sourceforge.net/mailarchive/message.php?msg_id=30219695http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329http://www.securityfocus.com/bid/56950http://sourceforge.net/mailarchive/message.php?msg_id=30219695http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329http://www.securityfocus.com/bid/56950
2013-01-04
Published