CVE-2011-2767
Summary
| CVE | CVE-2011-2767 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-26 16:29:00 UTC |
| Updated | 2023-11-07 02:07:00 UTC |
| Description | mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Mod Perl | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.10 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| Pony Mail! | lists.apache.org | ||
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| USN-3825-2: mod_perl vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2019:2558-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA212... | MISC | mail-archives.apache.org | Mailing List, Third Party Advisory |
| USN-3825-1: mod_perl vulnerability | Ubuntu security notices | UBUNTU | usn.ubuntu.com | Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | |
| #644169 - libapache2-mod-perl2: PerlOptions -Sections not permitted in server config, but should be - Debian Bug report logs | MISC | bugs.debian.org | Issue Tracking, Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| [security-announce] openSUSE-SU-2019:2549-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] [DLA 1507-1] libapache2-mod-perl2 security update | MLIST | lists.debian.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.