Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

Bugtraq ID:	105195
Class:	Design Error
CVE:	CVE-2011-2767
Remote:	Yes
Local:	No
Published:	Oct 03 2011 12:00AM
Updated:	Oct 29 2018 06:00PM
Credit:	Jan Ingvoldstad
Vulnerable:	Oracle Linux 7 Oracle Linux 6.0 Apache mod_perl 2.0.10 Apache mod_perl 2.0.9 Apache mod_perl 2.0.8 Apache mod_perl 2.0.7 Apache mod_perl 2.0.6 Apache mod_perl 2.0.5 Apache mod_perl 2.0.4 Apache mod_perl 2.0.3 Apache mod_perl 2.0.2 Apache mod_perl 2.0.1
Not Vulnerable:

Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

Apache 'mod_perl' module is prone to an arbitrary code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

'mod_perl' 2.0 through 2.0.10 are vulnerable.

Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Apache 'mod_perl' CVE-2011-2767 Arbitrary Code Execution Vulnerability

References:

• Apache Homepage (Apache)
  
• Debian Bug report logs - #644169 (Debian)
  
• Oracle Linux Bulletin - October 2018 (Oracle)
  
• PerlOptions -Sections not permitted in server config (Apache)