CVE-2007-1349

CWE-20 — Improper Input Validation10 documents8 sources

Severity

5.0MEDIUM

EPSS

17.7%

top 4.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache MOD Perl Canonical Ubuntu Linux Redhat Enterprise Linux Desktop +4 more

Timeline

PublishedMar 30

Latest updateMay 3

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDapache/mod_perl2.0.0 — 2.0.11+1

▶Debianlibapache2-mod-perl2< 2.0.2-5+3

▶NVDredhat/satellite5.1

▶NVDredhat/enterprise_linux_server3.0, 4.0, 5.0+2

▶NVDredhat/enterprise_linux_desktop3.0, 4.0, 5.0+2

Also affects: Ubuntu Linux 6.06, 6.10, 7.04, Enterprise Linux 4.5

🔴Vulnerability Details

GHSA

GHSA-fxxc-hq33-c3m6: PerlRun↗2022-05-03

▶

OSV

CVE-2007-1349: PerlRun↗2007-03-30

▶

CVEList

CVE-2007-1349: PerlRun↗2007-03-30

▶

📋Vendor Advisories

Ubuntu

mod_perl vulnerability↗2007-07-18

▶

Red Hat

mod_perl PerlRun denial of service↗2007-03-22

▶

Debian

CVE-2007-1349: libapache2-mod-perl2 - PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x...↗2007

▶

💬Community

Bugzilla

CVE-2007-1349 mod_perl PerlRun denial of service↗2007-05-31

▶

Bugzilla

CVE-2007-1349 mod_perl PerlRun denial of service↗2007-05-31

▶

Bugzilla

CVE-2007-1349 mod_perl PerlRun denial of service↗2007-05-17

▶