CVE-2011-2767
Severity
9.8 CRITICAL
EPSS
3.5%
top 12.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 26
Latest update: May 13
Description
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages (6 packages)
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 18.10, Enterprise Linux 6.0, 6.7, 7.0, 7.3, 7.4, 7.5, 7.6
Vulnerability Details (3)
Vendor Advisories (4)
Community (3)
Bugzilla
CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (2018-08-28)
Bugzilla
CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess [fedora-all] (2018-08-28)
Bugzilla
CVE-2011-2767 mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess [epel-7] (2018-08-28)