CVE-2012-6142

HTML::EP 0.2011 - Remote Code Execution via Storable Deserialization

Title source: llm
STIX 2.1

Description

Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/84199
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2013/q2/318
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59833

Scores

EPSS 0.0272
EPSS Percentile 84.2%

Details

CWE
CWE-94
Status published
Products (1)
jochen_wiedmann/html\ \ ep
Published Jun 04, 2014
Tracked Since Feb 18, 2026