mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2018-08-26T16:00:00
Updated: 2019-11-24T12:07:02
Reserved: 2011-07-19T00:00:00
Link: CVE-2011-2767
JSON object: View
NVD Information
Status : Modified
Published: 2018-08-26T16:29:00.230
Modified: 2023-11-07T02:07:45.910
Link: CVE-2011-2767
JSON object: View
Redhat Information
No data.
CWE