CVE-2007-1349

Published: 30/03/2007 Updated: 03/02/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

PerlRun.pm in Apache mod_perl prior to 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted URI.

Vulnerable Products

apache mod perl

canonical ubuntu linux 6.06

canonical ubuntu linux 6.10

canonical ubuntu linux 7.04

redhat satellite 5.1

redhat enterprise linux desktop 3.0

redhat enterprise linux desktop 4.0

redhat enterprise linux desktop 5.0

redhat enterprise linux eus 4.5

redhat enterprise linux server 3.0

redhat enterprise linux server 4.0

redhat enterprise linux server 5.0

redhat enterprise linux workstation 3.0

redhat enterprise linux workstation 4.0

redhat enterprise linux workstation 5.0

Vendor Advisories

Debian Bug report logs - #433549: CVE-2007-1349 - regex denial of service. Package: libapache2-mod-perl2; Maintainer for libapache2-mod-perl2 is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Source for libapache2-mod-perl2 is src:libapache2-mod-perl2 (PTS, buildd, popcon). Reported by: Kees Cook <kees@out ...
Alex Solovey discovered that mod_perl did not correctly validate certain regular expression matches. A remote attacker could send a specially crafted request to a web application using mod_perl, causing the web server to monopolize CPU resources. This could lead to a remote denial of service ...

References

CWE-20

http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://secunia.com/advisories/24678
http://www.securityfocus.com/bid/23192
http://secunia.com/advisories/24839
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://security.gentoo.org/glsa/glsa-200705-04.xml
http://secunia.com/advisories/25110
http://secunia.com/advisories/25072
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
http://rhn.redhat.com/errata/RHSA-2007-0395.html
http://www.redhat.com/support/errata/RHSA-2007-0486.html
http://www.redhat.com/support/errata/RHSA-2007-0396.html
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-488-1
http://www.securitytracker.com/id?1018259
http://secunia.com/advisories/25432
http://secunia.com/advisories/25655
http://secunia.com/advisories/25730
http://secunia.com/advisories/25894
http://secunia.com/advisories/26084
http://secunia.com/advisories/26231
http://secunia.com/advisories/26290
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/31493
http://www.redhat.com/support/errata/RHSA-2008-0627.html
http://secunia.com/advisories/31490
http://secunia.com/advisories/33723
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
http://secunia.com/advisories/33720
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://www.vupen.com/english/advisories/2007/1150
https://exchange.xforce.ibmcloud.com/vulnerabilities/33312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433549
https://usn.ubuntu.com/488-1/
https://nvd.nist.gov