CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Published: Mar 30, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1349
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
apache / mod_perl	-	1.30
apache / mod_perl	2.0.0	2.0.11.x
canonical / ubuntu_linux	7.04	7.04.x
canonical / ubuntu_linux	6.10	6.10.x
canonical / ubuntu_linux	6.06	6.06.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_desktop	3.0	3.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	4.0	4.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server	4.0	4.0.x
redhat / enterprise_linux_workstation	4.0	4.0.x
redhat / enterprise_linux_workstation	3.0	3.0.x
redhat / enterprise_linux_server	3.0	3.0.x
redhat / enterprise_linux_eus	4.5	4.5.x
redhat / satellite	5.1	5.1.x

Vulnerability Database

289,599

CVE-2007-1349