Home

CVE-2007-1349

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
17.687

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2007:0395) Low: mod_perl security update mod_perl-2.0.2-6.3.el5.i386.rpmLinux
(RHSA-2007:0395) Low: mod_perl security update mod_perl-2.0.2-6.3.el5.x86_64.rpmLinux
(RHSA-2007:0395) Low: mod_perl security update mod_perl-devel-2.0.2-6.3.el5.i386.rpmLinux
(RHSA-2007:0395) Low: mod_perl security update mod_perl-devel-2.0.2-6.3.el5.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234