CVE-2007-1349

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Resource Management Error
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2004-0488, CVE-2004-0687, CVE-2004-0688, CVE-2004-0700, CVE-2004-0885, CVE-2004-0914, CVE-2005-0605, CVE-2005-2090, CVE-2005-3352, CVE-2005-3510, CVE-2005-3964, CVE-2005-4838, CVE-2006-0254, CVE-2006-0898, CVE-2006-1329, CVE-2006-3835, CVE-2006-3918, CVE-2006-5752, CVE-2006-7195, CVE-2006-7196, CVE-2006-7197, CVE-2007-0243, CVE-2007-0450, CVE-2007-1355, CVE-2007-1358, CVE-2007-1860, CVE-2007-1863, CVE-2007-2435, CVE-2007-2449, CVE-2007-2450, CVE-2007-2788, CVE-2007-2789, CVE-2007-3304, CVE-2007-3382, CVE-2007-3385, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-5116, CVE-2007-5333, CVE-2007-5461, CVE-2007-5961, CVE-2007-6306, CVE-2007-6388, CVE-2008-0005, CVE-2008-0128, CVE-2008-1232, CVE-2008-1927, CVE-2008-2364, CVE-2008-2369, CVE-2008-2370, CVE-2008-2939, CVE-2008-5515, CVE-2009-0023, CVE-2009-0033, CVE-2009-0580, CVE-2009-1891, CVE-2009-1955, CVE-2009-1956, CVE-2009-2412, CVE-2009-3094, CVE-2009-3095, CVE-2009-4901, CVE-2009-4902, CVE-2010-0407, CVE-2010-0434

Published on 30/03/07 - Updated on 11/10/17

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Category: Resource Management Error

CWE-399 (Resource Management Errors)
Weaknesses in this category are related to improper management of system resources.

Security Notices

US National Vulnerability DatabaseCVE-2007-1349
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-151
Redhat RHSA-2008:0261, RHSA-2008:0263, RHSA-2008:0523, RHSA-2008:0524, RHSA-2008:0627, RHSA-2008:0630, RHSA-2010:0602
Renater 2009/VULN028

Exploits

SecurityFocusBID-23192

Relative technologies

VendorProduct
apacheapache_test
apachehttp_server
apachemod_perl

Share this vulnerability with:

Twitter Facebook LinkedIn Mail