Vulnerability Details: CVE-2007-1349
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2007-1349
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Threat overview for CVE-2007-1349
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2007-1349: 22,415
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2007-1349
- 0.50%: Probability of exploitation activity in the next 30 days
- ~77%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1349
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2007-1349
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1349
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
  [Broken Link]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33312
  mod_perl path_info parameter denial of service CVE-2007-1349 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://www.vupen.com/english/advisories/2007/1150
  Site under construction [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2008-0627.html
  Support [Third Party Advisory]
- http://security.gentoo.org/glsa/glsa-200705-04.xml
  Apache mod_perl: Denial of service (GLSA 200705-04) — Gentoo security [Third Party Advisory]
- http://www.trustix.org/errata/2007/0023/
  Trustix | Empowering Trust and Security in the Digital Age [Broken Link]
- http://www.novell.com/linux/security/advisories/2007_8_sr.html
  404 Page Not Found | SUSE [Broken Link]
- http://www.ubuntu.com/usn/usn-488-1
  USN-488-1: mod_perl vulnerability | Ubuntu security notices | Ubuntu [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2008-0630.html
  RHSA-2008:0630 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
  [Vendor Advisory]
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
  Mandriva [Third Party Advisory]
- ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
  [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349
  404 Not Found [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2007-0395.html
  RHSA-2007:0395 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- http://www.gossamer-threads.com/lists/modperl/modperl/92739
  Carbon60: Managed Cloud Services [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2007-0486.html
  Support [Third Party Advisory]
- http://www.securitytracker.com/id?1018259
  Access Denied [Third Party Advisory; VDB Entry]
- http://www.redhat.com/support/errata/RHSA-2007-0396.html
  Support [Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2007_12_sr.html
  404 Page Not Found | SUSE [Broken Link]
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
  [Broken Link]
- http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
  ASA-2007-293 (RHSA-2007-0486, RHSA-2007-0395) [Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2008-0261.html
  Support [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987
  404 Not Found [Third Party Advisory]
- http://www.securityfocus.com/bid/23192
  [Third Party Advisory; VDB Entry]