CVE-2007-1349
published 2007-03-30
Priority: P4, 24, medium; CVSS 2.0 score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 10.11% (95.1th percentile)
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | mod_perl | < 1.30 | 1.30 |
| apache | mod_perl | 2.0.0 – 2.0.11 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | libapache2-mod-perl2 | < libapache2-mod-perl2 2.0.2-5 (bookworm) | libapache2-mod-perl2 2.0.2-5 (bookworm) |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | enterprise_linux_workstation | — | — |
| redhat | satellite | — | — |
CVSS provenance
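| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |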
Ubuntu
mod_perl vulnerability
vendor_ubuntu·2007-07-18
CVE-2007-1349 mod_perl vulnerability
Title: mod_perl vulnerability
Summary: mod_perl vulnerability
Alex Solovey discovered that mod_perl did not correctly validate certain
regular expression matches. A remote attacker could send a specially
crafted request to a web application using mod_perl, causing the web
server to monopolize CPU resources. This could lead to a remote denial
of service.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
mod_perl PerlRun denial of service
vendor_redhat·2007-03-22·CVSS 5.0
CVE-2007-1349 [MEDIUM] mod_perl PerlRun denial of service
Debian
CVE-2007-1349: libapache2-mod-perl2 - PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x...
vendor_debian·2007·CVSS 5.0
CVE-2007-1349 [MEDIUM] CVE-2007-1349: libapache2-mod-perl2 - PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x...
Scope: local
bookworm: resolved (fixed in 2.0.2-5)
bullseye: resolved (fixed in 2.0.2-5)
forky: resolved (fixed in 2.0.2-5)
sid: resolved (fixed in 2.0.2-5)
trixie: resolved (fixed in 2.0.2-5)
GHSA
GHSA-fxxc-hq33-c3m6: PerlRun
ghsa_unreviewed·2022-05-03
CVE-2007-1349 [MEDIUM] CWE-20 GHSA-fxxc-hq33-c3m6: PerlRun
OSV
CVE-2007-1349: PerlRun
osv·2007-03-30·CVSS 5.0
CVE-2007-1349 [MEDIUM] CVE-2007-1349: PerlRun
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-1349 mod_perl PerlRun denial of service
bugzilla·2007-05-31·CVSS 5.0
CVE-2007-1349 [MEDIUM] CVE-2007-1349 mod_perl PerlRun denial of service
+++ This bug was initially created as a clone of Bug #241642 +++
tracking bug for 5.1
Discussion:
Fixed in mod_perl-2.0.3-2.el5s2.
---
Red Hat Application Stack is in the "maintenance" phase of the product
lifecycle, where only critical security issues will be fixed. I'm closing this
bug, accordingly.
https://access.redhat.com/support/policy/updates/rhappstack/
Bugzilla
CVE-2007-1349 mod_perl PerlRun denial of service
bugzilla·2007-05-31·CVSS 5.0
CVE-2007-1349 [MEDIUM] CVE-2007-1349 mod_perl PerlRun denial of service
+++ This bug was initially created as a clone of Bug #241642 +++
tracking bug for 5.1
Discussion:
*** This bug has been marked as a duplicate of 241646 ***
Bugzilla
CVE-2007-1349 mod_perl PerlRun denial of service
bugzilla·2007-05-17·CVSS 5.0
CVE-2007-1349 [MEDIUM] CVE-2007-1349 mod_perl PerlRun denial of service
Description of problem:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl
2.x, does not properly escape PATH_INFO before use in a regular expression,
which allows remote attackers to cause a denial of service (resource
consumption) via a crafted URI.
Discussion:
This issue has been addressed in following products:
Red Hat Certificate System 7.3
Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html
2007-03-30
Published