Code Injection in mod_perl - CVE-2011-2767
Published: November 24, 2019
mod_perl
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because mod_perl provides no way to disable execution of Perl code placed in an .htaccess file. A remote attacker with access to the web server can modify an Apache .htaccess file, insert Perl code into it, and execute that code on the server with the privileges of the Apache HTTP Server.
Successful exploitation of this vulnerability requires that mod_perl is installed and that the attacker is able to modify .htaccess files.
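To audit a server for the condition described above, the following added example (not part of the original advisory or of mod_perl) lists .htaccess files that contain embedded Perl. It assumes the embedded code uses mod_perl's `<Perl>` configuration section syntax; the function names and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# Assumption: inline Perl appears as a mod_perl <Perl> ... </Perl> section.
# Apache directive names are case-insensitive, so matching is too.
PERL_OPEN = re.compile(r"^\s*<Perl\b[^>]*>", re.IGNORECASE)
PERL_CLOSE = re.compile(r"^\s*</\s*Perl\s*>", re.IGNORECASE)

# Constructed sample .htaccess content (harmless placeholder body).
SAMPLE = """\
# constructed sample .htaccess
Options -Indexes
# <Perl>  (commented out, ignored)
<perl>
# placeholder body
</PERL>
<IfModule mod_rewrite.c>
RewriteEngine On
</IfModule>
<Perl >
"""

def find_perl_sections(text):
    """Return (start_line, end_line) per <Perl> section found in text.
    end_line is None when the section is never closed."""
    sections, start = [], None
    for lineno, line in enumerate(text.splitlines(), 1):
        if start is None and line.lstrip().startswith("#"):
            continue  # Apache comment outside any <Perl> section
        if start is None and PERL_OPEN.match(line):
            start = lineno
        elif start is not None and PERL_CLOSE.match(line):
            sections.append((start, lineno))
            start = None
    if start is not None:
        sections.append((start, None))  # unclosed section still reported
    return sections

def scan_tree(root):
    """Map each .htaccess file under root to its <Perl> sections, if any."""
    hits = {}
    for path in Path(root).rglob(".htaccess"):
        if path.is_file():
            found = find_perl_sections(path.read_text(errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print(find_perl_sections(SAMPLE))
```

Run `scan_tree()` against each document root that users or web applications can write to, and review every reported file.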
How to mitigate CVE-2011-2767
Sources
- https://access.redhat.com/errata/RHSA-2018:2737
- https://access.redhat.com/errata/RHSA-2018:2825
- https://access.redhat.com/errata/RHSA-2018:2826
- https://bugs.debian.org/644169
- https://lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d@%3Cmodperl-cvs.perl.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/09/msg00018.html
- https://mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3E