5

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheMod Perl Version < 1.30
ApacheMod Perl Version >= 2.0.0 <= 2.0.11
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
RedhatSatellite Version5.1
RedhatEnterprise Linux Eus Version4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.11% 0.95
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.redhat.com/support/errata/RHSA-2008-0261.html
Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
Broken Link
http://secunia.com/advisories/25894
Third Party Advisory
http://secunia.com/advisories/25432
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_12_sr.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2008-0630.html
Third Party Advisory
http://secunia.com/advisories/31493
Third Party Advisory
http://secunia.com/advisories/25072
Third Party Advisory
http://www.novell.com/linux/security/advisories/2007_8_sr.html
Broken Link
http://rhn.redhat.com/errata/RHSA-2007-0395.html
Third Party Advisory
http://secunia.com/advisories/24678
Third Party Advisory
http://secunia.com/advisories/24839
Third Party Advisory
http://secunia.com/advisories/25110
Third Party Advisory
http://secunia.com/advisories/25655
Third Party Advisory
http://secunia.com/advisories/25730
Third Party Advisory
http://secunia.com/advisories/26084
Third Party Advisory
http://secunia.com/advisories/26231
Third Party Advisory
http://secunia.com/advisories/26290
Third Party Advisory
http://secunia.com/advisories/31490
Third Party Advisory
http://secunia.com/advisories/33720
Third Party Advisory
http://secunia.com/advisories/33723
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200705-04.xml
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
Third Party Advisory
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
Vendor Advisory
http://www.gossamer-threads.com/lists/modperl/modperl/92739
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0396.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2007-0486.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0627.html
Third Party Advisory
http://www.securityfocus.com/bid/23192
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1018259
Third Party Advisory
VDB Entry
http://www.trustix.org/errata/2007/0023/
Broken Link
http://www.ubuntu.com/usn/usn-488-1
Third Party Advisory
http://www.vupen.com/english/advisories/2007/1150
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33312
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349
Third Party Advisory