Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apache Subscribe
Filtered by product Mod Perl
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0796 1 Apache 2 Http Server, Mod Perl 2023-02-12 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2007-1349 3 Apache, Canonical, Redhat 7 Mod Perl, Ubuntu Linux, Enterprise Linux Desktop and 4 more 2022-02-03 5.0 MEDIUM N/A
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
CVE-2011-2767 4 Apache, Canonical, Debian and 1 more 7 Mod Perl, Ubuntu Linux, Debian Linux and 4 more 2019-09-24 10.0 HIGH 9.8 CRITICAL
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because (contrary to the documentation) there is no configuration option that permits Perl code for the administrator's control of HTTP request processing without also permitting unprivileged users to run Perl code in the context of the user account that runs Apache HTTP Server processes.