Back to search
CVE-2011-2767
Published: Aug 26, 2018
Modified: Aug 6, 2024
PUBLISHED
Description
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
| Vendor | Product | Versions |
|---|---|---|
n/a | mod_perl 2.0 through 2.0.10 | affected mod_perl 2.0 through 2.0.10 |
References
[debian-lts-announce] 20180918 [SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update
mailing-list
x_refsource_MLIST
105195
vdb-entry
x_refsource_BID
USN-3825-1
vendor-advisory
x_refsource_UBUNTU
https://bugs.debian.org/644169
x_refsource_MISC
RHSA-2018:2826
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2825
vendor-advisory
x_refsource_REDHAT
RHSA-2018:2737
vendor-advisory
x_refsource_REDHAT
USN-3825-2
vendor-advisory
x_refsource_UBUNTU
[perl-modperl-cvs] 20190924 svn commit: r1867470 - /perl/modperl/trunk/src/modules/perl/mod_perl.c
mailing-list
x_refsource_MLIST
openSUSE-SU-2019:2549
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2558
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now