CVE-2007-1349

Published: Mar 30, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Affected (16)

Products: Apache: Mod Perl · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Workstation, Satellite

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Satellite

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apache Mod Perl	Before 1.30
Apache Mod Perl	From 2.0.0 to 2.0.11

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 6.10
Canonical Ubuntu Linux	Version 7.04

Configuration C

11 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 3.0
Redhat Enterprise Linux Desktop	Version 4.0
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 4.5
Redhat Enterprise Linux Server	Version 3.0
Redhat Enterprise Linux Server	Version 4.0
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Workstation	Version 3.0
Redhat Enterprise Linux Workstation	Version 4.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Satellite	Version 5.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (78)

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc (unsafe URL)

Source: secalert@redhat.com

Broken Link

http://rhn.redhat.com/errata/RHSA-2007-0395.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2008-0630.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24678

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/24839

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25072

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25110

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25432

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25655

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25730

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/25894

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/26084

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/26231

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/26290

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/31490

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/31493

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33720

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33723

Source: secalert@redhat.com

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200705-04.xml

Source: secalert@redhat.com

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1

Source: secalert@redhat.com

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm

Source: secalert@redhat.com

Third Party Advisory

http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes

Source: secalert@redhat.com

Vendor Advisory

http://www.gossamer-threads.com/lists/modperl/modperl/92739

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2007:083

Source: secalert@redhat.com

Third Party Advisory

http://www.novell.com/linux/security/advisories/2007_12_sr.html

Source: secalert@redhat.com

Broken Link

http://www.novell.com/linux/security/advisories/2007_8_sr.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2007-0396.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-0486.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0261.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0627.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/23192

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1018259

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.trustix.org/errata/2007/0023/

Source: secalert@redhat.com

Broken Link

http://www.ubuntu.com/usn/usn-488-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2007/1150

Source: secalert@redhat.com

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/33312

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349

Source: secalert@redhat.com

Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc (unsafe URL)