CVE-2007-1349

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 30-03-2007 02:19

Last modified: - 03-02-2022 05:26

Total changes: - 2

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:P

Low

Attack complexity

Network

Attack vector

Low

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

vendor=apache AND product=mod_perl AND versionEndExcluding=1.30

vendor=apache AND product=mod_perl AND versionEndIncluding=2.0.11 AND versionStartIncluding=2.0.0

vendor=canonical AND product=ubuntu_linux AND version=6.06

vendor=canonical AND product=ubuntu_linux AND version=6.10

vendor=canonical AND product=ubuntu_linux AND version=7.04

vendor=Red Hat Enterprise Linux AND product=satellite AND version=5.1

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=3.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_desktop AND version=5.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_eus AND version=4.5

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=3.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=5.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=3.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=4.0

vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=5.0

Reference

http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
24678-Third Party Advisory
23192-Third Party Advisory, VDB Entry
24839-Third Party Advisory
SUSE-SR:2007:008-Broken Link
GLSA-200705-04-Third Party Advisory
25110-Third Party Advisory
25072-Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
MDKSA-2007:083-Third Party Advisory
RHSA-2007:0395-Third Party Advisory
RHSA-2007:0486-Third Party Advisory
RHSA-2007:0396-Third Party Advisory
20070602-01-P-Broken Link
SUSE-SR:2007:012-Broken Link
2007-0023-Broken Link
USN-488-1-Third Party Advisory
1018259-Third Party Advisory, VDB Entry
25432-Third Party Advisory
25655-Third Party Advisory
25730-Third Party Advisory
25894-Third Party Advisory
26084-Third Party Advisory
26231-Third Party Advisory
26290-Third Party Advisory
RHSA-2008:0261-Third Party Advisory
RHSA-2008:0630-Third Party Advisory
31493-Third Party Advisory
RHSA-2008:0627-Third Party Advisory
31490-Third Party Advisory
33723-Third Party Advisory
248386-Broken Link
33720-Third Party Advisory
1021508-Broken Link
ADV-2007-1150-Third Party Advisory
modperl-pathinfo-dos(33312)-Third Party Advisory, VDB Entry
oval:org.mitre.oval:def:8349-Third Party Advisory
oval:org.mitre.oval:def:10987-Third Party Advisory

Keywords

CVE-2007-1349

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2007-1349

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures