Vulnerability CVE-2007-1349


Published: 2007-03-29   Modified: 2012-02-12

Description:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Type:

CWE-399

(Resource Management Errors)

Vendor: Apache
Product: Mod perl 
Version:
2.0.3
2.0.2
2.0.1
2.0.0
Product: Apache test 
Version: 1.29;
Product: Http server 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/23192
http://www.vupen.com/english/advisories/2007/1150
http://www.ubuntu.com/usn/usn-488-1
http://www.securitytracker.com/id?1018259
http://www.redhat.com/support/errata/RHSA-2008-0627.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2007-0486.html
http://www.redhat.com/support/errata/RHSA-2007-0396.html
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
http://security.gentoo.org/glsa/glsa-200705-04.xml
http://secunia.com/advisories/33723
http://secunia.com/advisories/33720
http://secunia.com/advisories/31493
http://secunia.com/advisories/31490
http://secunia.com/advisories/26290
http://secunia.com/advisories/26231
http://secunia.com/advisories/26084
http://secunia.com/advisories/25894
http://secunia.com/advisories/25730
http://secunia.com/advisories/25655
http://secunia.com/advisories/25432
http://secunia.com/advisories/25110
http://secunia.com/advisories/25072
http://secunia.com/advisories/24839
http://secunia.com/advisories/24678
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://rhn.redhat.com/errata/RHSA-2007-0395.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8349
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10987
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

Related CVE
CVE-2017-5641
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-e...
CVE-2017-15700
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials.
CVE-2017-12630
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Q...
CVE-2017-5663
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endp...
CVE-2017-15708
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation (RMI). So Apache Synapse 3.0.1 or all previous releases (3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1) allows remote code execution attacks that can be performed ...
CVE-2017-15707
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
CVE-2017-12631
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4...
CVE-2017-3157
By exploiting the way Apache OpenOffice before 4.1.4 renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections...

Copyright 2018, cxsecurity.com

 

Back to Top