CVE-2011-2767

Public on 2018-10-03
Modified on 2018-10-04
Description
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Severity
Important
CVSS v3 Base Score
6.3

Affected Packages

Platform | Package | Release Date | Advisory
Amazon Linux 1 | mod24_perl | 2018-10-03 02:54 | ALAS-2018-1085
Amazon Linux 1 | mod_perl | 2018-10-03 02:54 | ALAS-2018-1085

CVSS Scores

Score Type | Score | Vector
Amazon Linux CVSSv3 | 6.3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
NVD CVSSv2 | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H