rh-perl524-mod_perl-2.0.9-10.el7
エラータID: AXSA:2019-3444:01
Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code.
Security Fix(es):
* mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2011-2767
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
Update packages.
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.
N/A
SRPMS
- rh-perl524-mod_perl-2.0.9-10.el7.src.rpm
MD5: 3f2b558278318009fdc4014b6ea63d60
SHA-256: 100583ca5be4768e4b7c479c89f6867b68f386902ae67593cd997e1a83c7b6fd
Size: 3.69 MB
Asianux Server 7 for x86_64
- rh-perl524-mod_perl-2.0.9-10.el7.x86_64.rpm
MD5: cae12680f81667e3950ebef7ee33aaaf
SHA-256: 537421cb98095c194b4a0bc30eee4b68094eb30ea3a56b6433fa2db7a8d9ed70
Size: 2.98 MB - rh-perl524-mod_perl-devel-2.0.9-10.el7.x86_64.rpm
MD5: 4aafa691b0a8e7d28372833ccf356859
SHA-256: e3e45572123bf9b5ce7d79265f7393875dca32d0488ac34ef161953749e2ad98
Size: 286.45 kB