CVE-2007-1349

2007-03-3000:19:00

CWE-20

[email protected]

web.nvd.nist.gov

201

apache

mod_perl

cve-2007-1349

vulnerability

security

denial of service

nvd

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

CPENameOperatorVersion
apache:mod_perlapache mod perllt1.30
apache:mod_perlapache mod perlle2.0.11
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
redhat:enterprise_linux_serverredhat enterprise linux servereq5.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq3.0
redhat:enterprise_linux_workstationredhat enterprise linux workstationeq5.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq4.0
redhat:enterprise_linux_desktopredhat enterprise linux desktopeq5.0

CPE	Name	Operator	Version
apache:mod_perl	apache mod perl	lt	1.30
apache:mod_perl	apache mod perl	le	2.0.11
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
redhat:enterprise_linux_server	redhat enterprise linux server	eq	5.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	3.0
redhat:enterprise_linux_workstation	redhat enterprise linux workstation	eq	5.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	4.0
redhat:enterprise_linux_desktop	redhat enterprise linux desktop	eq	5.0