PT-2007-1154 · Apache+1 · Mod Perl+1

Alex Solovey

·

Publicado

2007-03-30

·

Atualizado

2024-06-15

·

CVE-2007-1349

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: mod perl versions prior to 1.30 mod perl 2.x
Description: The issue arises from insufficient input validation in the PerlRun.pm and RegistryCooker.pm components of the Apache mod perl module. This allows remote attackers to cause a denial of service, specifically resource consumption, by crafting a malicious URI. The exploitation of this issue can lead to a denial of service.
Recommendations: For mod perl versions prior to 1.30, update to version 1.30 or later to resolve the issue. For mod perl 2.x, consider disabling the PerlRun.pm and RegistryCooker.pm components until a patch is available. Restrict access to these components to minimize the risk of exploitation.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2023-6876
BDU:2022-02598
CVE-2007-1349
OPENSUSE-SU-2024:10626-1
RHSA-2007:0395
RHSA-2007:0396
RHSA-2007:0486
RHSA-2007_0395
RHSA-2008:0261
RHSA-2008:0263
RHSA-2008:0523
RHSA-2008:0524
RHSA-2008:0627
RHSA-2008:0630
RHSA-2010:0602

Produtos afetados

Red Hat
Mod Perl