CVE-2007-1349

mod_perl PerlRun denial of service

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

PerlRun.pm en Apache mod_perl versiones anteriores a 1.30, y RegistryCooker.pm en mod_perl versiones 2.x, no escapa correctamente el PATH_INFO antes de usarlo en una expresión regular, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de un URI especialmente diseñado.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-08 CVE Reserved
2007-03-30 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (41)

URL	Tag	Source
http://secunia.com/advisories/24678	Third Party Advisory
http://secunia.com/advisories/24839	Third Party Advisory
http://secunia.com/advisories/25072	Third Party Advisory
http://secunia.com/advisories/25110	Third Party Advisory
http://secunia.com/advisories/25432	Third Party Advisory
http://secunia.com/advisories/25655	Third Party Advisory
http://secunia.com/advisories/25730	Third Party Advisory
http://secunia.com/advisories/25894	Third Party Advisory
http://secunia.com/advisories/26084	Third Party Advisory
http://secunia.com/advisories/26231	Third Party Advisory
http://secunia.com/advisories/26290	Third Party Advisory
http://secunia.com/advisories/31490	Third Party Advisory
http://secunia.com/advisories/31493	Third Party Advisory
http://secunia.com/advisories/33720	Third Party Advisory
http://secunia.com/advisories/33723	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm	Third Party Advisory
http://www.gossamer-threads.com/lists/modperl/modperl/92739	Third Party Advisory
http://www.securityfocus.com/bid/23192	Third Party Advisory
http://www.securitytracker.com/id?1018259	Third Party Advisory
http://www.vupen.com/english/advisories/2007/1150	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33312	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc	2022-02-03
http://rhn.redhat.com/errata/RHSA-2007-0395.html	2022-02-03
http://rhn.redhat.com/errata/RHSA-2008-0630.html	2022-02-03
http://security.gentoo.org/glsa/glsa-200705-04.xml	2022-02-03
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1	2022-02-03
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1	2022-02-03
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes	2022-02-03
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083	2022-02-03
http://www.novell.com/linux/security/advisories/2007_12_sr.html	2022-02-03
http://www.novell.com/linux/security/advisories/2007_8_sr.html	2022-02-03
http://www.redhat.com/support/errata/RHSA-2007-0396.html	2022-02-03
http://www.redhat.com/support/errata/RHSA-2007-0486.html	2022-02-03
http://www.redhat.com/support/errata/RHSA-2008-0261.html	2022-02-03
http://www.redhat.com/support/errata/RHSA-2008-0627.html	2022-02-03
http://www.trustix.org/errata/2007/0023	2022-02-03
http://www.ubuntu.com/usn/usn-488-1	2022-02-03
https://access.redhat.com/security/cve/CVE-2007-1349	2010-08-04
https://bugzilla.redhat.com/show_bug.cgi?id=240423	2010-08-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Mod Perl Search vendor "Apache" for product "Mod Perl"				< 1.30 Search vendor "Apache" for product "Mod Perl" and version " < 1.30"		-		Affected
Apache Search vendor "Apache"		Mod Perl Search vendor "Apache" for product "Mod Perl"				>= 2.0.0 <= 2.0.11 Search vendor "Apache" for product "Mod Perl" and version " >= 2.0.0 <= 2.0.11"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected
Redhat Search vendor "Redhat"		Satellite Search vendor "Redhat" for product "Satellite"				5.1 Search vendor "Redhat" for product "Satellite" and version "5.1"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				3.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				4.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				4.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "4.5"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				3.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				4.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				3.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				4.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "4.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"		-		Affected