Critical severity9.8NVD Advisory· Published Aug 26, 2018· Updated Jun 16, 2026
CVE-2011-2767
CVE-2011-2767
Description
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14- osv-coords13 versionspkg:rpm/opensuse/apache2-mod_perl&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/apache2-mod_perl&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/apache2-mod_perl&distro=openSUSE%20Tumbleweedpkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/apache2-mod_perl&distro=SUSE%20Package%20Hub%2015%20SP1
< 2.0.11-lp151.3.3.1+ 12 more
- (no CPE)range: < 2.0.11-lp151.3.3.1
- (no CPE)range: < 2.0.11-lp151.3.3.1
- (no CPE)range: < 2.0.11-2.12
- (no CPE)range: < 2.0.4-40.63.3.3
- (no CPE)range: < 2.0.4-40.63.3.3
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.8-13.5.1
- (no CPE)range: < 2.0.11-bp151.4.3.1
- (no CPE)range: < 2.0.11-bp151.4.3.1
Patches
Vulnerability mechanics
References
12- www.securityfocus.com/bid/105195nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:2737nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2825nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2826nvdThird Party Advisory
- bugs.debian.org/644169nvdIssue TrackingMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00018.htmlnvdMailing ListThird Party Advisory
- mail-archives.apache.org/mod_mbox/perl-modperl/201110.mbox/raw/%3C20111004084343.GA21290%40ktnx.net%3EnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3825-1/nvdThird Party Advisory
- usn.ubuntu.com/3825-2/nvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00063.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00065.htmlnvd
- lists.apache.org/thread.html/c8ebe8aad147a3ad2e7b0e8b2da45263171ab5d0fc7f8c100feaa94d%40%3Cmodperl-cvs.perl.apache.org%3Envd
News mentions
0No linked articles in our index yet.