Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2767

Опубликовано: 26 авг. 2018
Источник: nvd
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
Версия от 2.0.0 (включая) до 2.0.10 (включая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

EPSS

Процентиль: 90%
0.05542
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

ubuntu логотип

CVE-2011-2767

CVSS3: 9.8
ubuntu
около 7 лет назад

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

redhat логотип

CVE-2011-2767

CVSS3: 6.3
redhat
около 14 лет назад

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.

debian логотип

CVE-2011-2767

CVSS3: 9.8
debian
около 7 лет назад

mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl ...

suse-cvrf логотип

openSUSE-SU-2019:2549-1

suse-cvrf
почти 6 лет назад

Security update for apache2-mod_perl

suse-cvrf логотип

SUSE-SU-2020:14266-1

suse-cvrf
почти 6 лет назад

Security update for apache2-mod_perl

EPSS

Процентиль: 90%
0.05542
Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-94