PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apache
  • Mod Perl
Canonical
  • Ubuntu Linux
Redhat
  • Certificate System
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux Server
  • Enterprise Linux Workstation
  • Network Proxy
  • Network Satellite
  • Rhel Application Stack
  • Satellite

Configuration 1 [-]

OR cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:redhat:satellite:5.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16 cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh cpe:/a:redhat:certificate_system:7.3 RHSA-2010:0602 2010-08-04T00:00:00Z
Red Hat Enterprise Linux 2.1
mod_perl-0:1.26-8.el2 cpe:/o:redhat:enterprise_linux:2.1 RHSA-2007:0486 2007-06-18T00:00:00Z
Red Hat Enterprise Linux 3
mod_perl-0:1.99_09-12.ent cpe:/o:redhat:enterprise_linux:3 RHSA-2007:0395 2007-06-14T00:00:00Z
Red Hat Enterprise Linux 4
mod_perl-0:1.99_16-4.5 cpe:/o:redhat:enterprise_linux:4 RHSA-2007:0395 2007-06-14T00:00:00Z
Red Hat Enterprise Linux 5
mod_perl-0:2.0.2-6.3.el5 cpe:/o:redhat:enterprise_linux:5 RHSA-2007:0395 2007-06-14T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 3)
jabberd-0:2.0s10-3.37.rhn cpe:/a:redhat:network_proxy:4.2::el3 RHSA-2008:0523 2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3 cpe:/a:redhat:network_proxy:4.2::el3 RHSA-2008:0523 2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3 cpe:/a:redhat:network_proxy:4.2::el3 RHSA-2008:0523 2008-06-30T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 4)
jabberd-0:2.0s10-3.38.rhn cpe:/a:redhat:network_proxy:4.2::el4 RHSA-2008:0523 2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4 cpe:/a:redhat:network_proxy:4.2::el4 RHSA-2008:0523 2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4 cpe:/a:redhat:network_proxy:4.2::el4 RHSA-2008:0523 2008-06-30T00:00:00Z
Red Hat Network Proxy v 5.0
jabberd-0:2.0s10-3.38.rhn cpe:/a:redhat:network_proxy:5.0::el4 RHSA-2008:0263 2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4 cpe:/a:redhat:network_proxy:5.0::el4 RHSA-2008:0263 2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4 cpe:/a:redhat:network_proxy:5.0::el4 RHSA-2008:0263 2008-05-20T00:00:00Z
Red Hat Network Proxy v 5.1
mod_perl-0:2.0.2-12.el4 cpe:/a:redhat:network_proxy:5.1::el4 RHSA-2008:0627 2008-08-13T00:00:00Z
Red Hat Network Satellite Server v 4.2
jabberd-0:2.0s10-3.38.rhn cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4 cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh cpe:/a:redhat:network_satellite:4.2::el4 RHSA-2008:0524 2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
jabberd-0:2.0s10-3.37.rhn cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
openmotif21-0:2.1.30-9.RHEL3.8 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel3 cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh cpe:/a:redhat:network_satellite:4.2::el3 RHSA-2008:0524 2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
jabberd-0:2.0s10-3.38.rhn cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
jfreechart-0:0.9.20-3.rhn cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4 cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh cpe:/a:redhat:network_satellite:5.0:el4 RHSA-2008:0261 2008-05-20T00:00:00Z
Red Hat Network Satellite Server v 5.1
jfreechart-0:0.9.20-3.rhn cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0630 2008-08-13T00:00:00Z
mod_perl-0:2.0.2-12.el4 cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0630 2008-08-13T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4 cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0630 2008-08-13T00:00:00Z
rhn-web-0:5.1.1-7 cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0630 2008-08-13T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh cpe:/a:redhat:network_satellite:5.1::el4 RHSA-2008:0630 2008-08-13T00:00:00Z
Red Hat Web Application Stack for RHEL 4
mod_perl-0:2.0.3-1.el4s1.3 cpe:/a:redhat:rhel_application_stack:1 RHSA-2007:0396 2007-06-20T00:00:00Z
References
Link Providers
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2007-0395.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-0630.html cve-icon cve-icon
http://secunia.com/advisories/24678 cve-icon cve-icon
http://secunia.com/advisories/24839 cve-icon cve-icon
http://secunia.com/advisories/25072 cve-icon cve-icon
http://secunia.com/advisories/25110 cve-icon cve-icon
http://secunia.com/advisories/25432 cve-icon cve-icon
http://secunia.com/advisories/25655 cve-icon cve-icon
http://secunia.com/advisories/25730 cve-icon cve-icon
http://secunia.com/advisories/25894 cve-icon cve-icon
http://secunia.com/advisories/26084 cve-icon cve-icon
http://secunia.com/advisories/26231 cve-icon cve-icon
http://secunia.com/advisories/26290 cve-icon cve-icon
http://secunia.com/advisories/31490 cve-icon cve-icon
http://secunia.com/advisories/31493 cve-icon cve-icon
http://secunia.com/advisories/33720 cve-icon cve-icon
http://secunia.com/advisories/33723 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200705-04.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1 cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm cve-icon cve-icon
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes cve-icon cve-icon
http://www.gossamer-threads.com/lists/modperl/modperl/92739 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2007_12_sr.html cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2007_8_sr.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0396.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-0486.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0261.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0627.html cve-icon cve-icon
http://www.securityfocus.com/bid/23192 cve-icon cve-icon
http://www.securitytracker.com/id?1018259 cve-icon cve-icon
http://www.trustix.org/errata/2007/0023/ cve-icon cve-icon
http://www.ubuntu.com/usn/usn-488-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/1150 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/33312 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-1349 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-1349 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T12:50:35.306Z

Reserved: 2007-03-08T00:00:00

Link: CVE-2007-1349

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2007-03-30T00:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1349

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-03-22T00:00:00Z

Links: CVE-2007-1349 - Bugzilla