PT-2007-1154 · Apache+1 · Mod Perl+1

Alex Solovey · Published 2007-03-30 · Updated 2024-06-15 · CVE-2007-1349

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions: mod_perl versions prior to 1.30; mod_perl 2.x

Description: The issue arises from insufficient input validation in the PerlRun.pm and RegistryCooker.pm components of the Apache mod_perl module. This allows remote attackers to cause a denial of service, specifically resource consumption, by crafting a malicious URI.

Recommendations: For mod_perl versions prior to 1.30, update to version 1.30 or later to resolve the issue. For mod_perl 2.x, consider disabling the PerlRun.pm and RegistryCooker.pm components until a patch is available. Restrict access to these components to minimize the risk of exploitation.

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2023-6876
BDU:2022-02598
CVE-2007-1349
OPENSUSE-SU-2024:10626-1
RHSA-2007:0395
RHSA-2007:0396
RHSA-2007:0486
RHSA-2007_0395
RHSA-2008:0261
RHSA-2008:0263
RHSA-2008:0523
RHSA-2008:0524
RHSA-2008:0627
RHSA-2008:0630
RHSA-2010:0602

Affected Products

Red Hat
Mod Perl