[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-1349Date: (C)2007-03-29   (M)2023-12-22


PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1018259
SUNALERT-1021508
2007-0023
20070602-01-P
BID-23192
SECUNIA-24678
SUNALERT-248386
SECUNIA-24839
SECUNIA-25072
SECUNIA-25110
SECUNIA-25432
SECUNIA-25655
SECUNIA-25730
SECUNIA-25894
SECUNIA-26084
SECUNIA-26231
SECUNIA-26290
SECUNIA-31490
SECUNIA-31493
SECUNIA-33720
SECUNIA-33723
ADV-2007-1150
GLSA-200705-04
MDKSA-2007:083
RHSA-2007:0395
RHSA-2007:0396
RHSA-2007:0486
RHSA-2008:0261
RHSA-2008:0627
RHSA-2008:0630
SUSE-SR:2007:008
SUSE-SR:2007:012
USN-488-1
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://www.gossamer-threads.com/lists/modperl/modperl/92739
modperl-pathinfo-dos(33312)
oval:org.mitre.oval:def:10987
oval:org.mitre.oval:def:8349

CPE    7
cpe:/a:apache:mod_perl
cpe:/o:canonical:ubuntu_linux:7.04
cpe:/o:redhat:enterprise_linux_desktop:3.0
cpe:/o:redhat:enterprise_linux_desktop:4.0
...
CWE    1
CWE-20

© SecPod Technologies