VYPR

Mod Perl

by Apache

CVEs (4)

  • CVE-2011-2767CriAug 26, 2018
    risk 0.64cvss 9.8epss 0.09

    mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing…

  • CVE-2009-0796Apr 7, 2009
    risk 0.05cvss epss 0.30

    Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

  • CVE-2000-0883Nov 14, 2000
    risk 0.04cvss epss 0.09

    The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

  • CVE-2007-1349Mar 30, 2007
    risk 0.01cvss epss 0.10

    PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.