CVE-2011-2767 : mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by p

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

Published 2018-08-26 16:29:00

Updated 2019-09-24 18:15:10

Source Debian GNU/Linux

View at NVD, CVE.org

Products affected by CVE-2011-2767

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.7
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Apache » Mod Perl
Versions from including (>=) 2.0.0 and up to, including, (<=) 2.0.10
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-2767

Top countries where our scanners detected CVE-2011-2767

Top open port discovered on systems with this issue 80

IPs affected by CVE-2011-2767 40,313

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-2767!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-2767

EPSS FAQ

4.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-2767

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2011-2767

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2767

https://access.redhat.com/errata/RHSA-2018:2826

RHSA-2018:2826 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.html

Server Error
https://bugs.debian.org/644169

#644169 - libapache2-mod-perl2: PerlOptions -Sections not permitted in server config, but should be - Debian Bug report logs
Issue Tracking;Mailing List;Third Party Advisory
http://www.securityfocus.com/bid/105195

Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability
Third Party Advisory;VDB Entry
https://usn.ubuntu.com/3825-1/

USN-3825-1: mod_perl vulnerability | Ubuntu security notices
Third Party Advisory
https://usn.ubuntu.com/3825-2/

USN-3825-2: mod_perl vulnerability | Ubuntu security notices
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html

[SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.html
https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E

Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d@%3Cmodperl-cvs.perl.apache.org%3E

svn commit: r1867470 - /perl/modperl/trunk/src/modules/perl/mod_perl.c - Pony Mail
https://access.redhat.com/errata/RHSA-2018:2737

RHSA-2018:2737 - Security Advisory - Red Hat Customer Portal
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2825

RHSA-2018:2825 - Security Advisory - Red Hat Customer Portal
Third Party Advisory