Vulnerability CVE-2007-1349


Published: 2007-03-29   Modified: 2012-02-12

Description:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Type:

CWE-399

(Resource Management Errors)

Vendor: Apache
Product: Mod perl 
Version:
2.0.3
2.0.2
2.0.1
2.0.0
Product: Apache test 
Version: 1.29;
Product: Http server 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/23192
http://www.vupen.com/english/advisories/2007/1150
http://www.ubuntu.com/usn/usn-488-1
http://www.securitytracker.com/id?1018259
http://www.redhat.com/support/errata/RHSA-2008-0627.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2007-0486.html
http://www.redhat.com/support/errata/RHSA-2007-0396.html
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
http://security.gentoo.org/glsa/glsa-200705-04.xml
http://secunia.com/advisories/33723
http://secunia.com/advisories/33720
http://secunia.com/advisories/31493
http://secunia.com/advisories/31490
http://secunia.com/advisories/26290
http://secunia.com/advisories/26231
http://secunia.com/advisories/26084
http://secunia.com/advisories/25894
http://secunia.com/advisories/25730
http://secunia.com/advisories/25655
http://secunia.com/advisories/25432
http://secunia.com/advisories/25110
http://secunia.com/advisories/25072
http://secunia.com/advisories/24839
http://secunia.com/advisories/24678
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://rhn.redhat.com/errata/RHSA-2007-0395.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8349
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10987
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

Related CVE
CVE-2018-17197
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
CVE-2018-17195
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client...
CVE-2018-17194
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, th...
CVE-2018-17192
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consist...
CVE-2018-17190
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the mast...
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
CVE-2018-1314
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
CVE-2018-11777
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Copyright 2019, cxsecurity.com

 

Back to Top