MGASA-2018-0474

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2018-0474.html

Import Source

https://advisories.mageia.org/MGASA-2018-0474.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2018-0474

Related

CVE-2011-2767

Published

2018-12-02T22:15:20Z

Modified

2018-12-02T21:49:58Z

Summary

Updated apache-mod_perl packages fix security vulnerability

Details

A flaw was found in mod_perl 2.0 through 2.0.10 which allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes (CVE-2011-2767).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / apache-mod_perl

Package

Name: apache-mod_perl
Purl: pkg:rpm/mageia/apache-mod_perl?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.10-1.1.mga6

Ecosystem specific

{
    "section": "core"
}