On Sun, Aug 26, 2018 at 04:26:09PM +0200, Salvatore Bonaccorso wrote:
> Hi
>
> Back in 2011 after this bug was reported, for the security implication
> mentioned, CVE-2011-2767 was assigned. mod_perl checks .htaccess files
> for <Perl> sections, and users allowed to write to .htaccess files can
> run
Hi
The MITRE CVE entry for CVE-2011-2767 is now populated:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2767
Regards,
Salvatore
Hi
Back in 2011 after this bug was reported, for the security implication
mentioned, CVE-2011-2767 was assigned. mod_perl checks .htaccess files
for <Perl> sections, and users allowed to write to .htaccess files can
run code as the user running the web server, leading to privilege
escalation.
This can
Here is a patch that ensures that Perl (and Pod) sections are only
allowed in the server configuration and not per directory, which
incidentally matches the specification table here:
http://perl.apache.org/docs/2.0/user/config/config.html#mod_perl_Directives_Argument_Types_and_Allowed_Location
One more thing:
Disallowing POD sections per-directory breaks some of the tests, that
is, those tests that use Location.
The security risk in allowing POD sections is perhaps low enough that
this part of the patch can be skipped, but I didn't see any sense in
permitting POD sections when other
tags 644169 confirmed
found 644169 2.0.5-2
thanks
-=| Jan Ingvoldstad, 03.10.2011 17:08:52 +0200 |=-
I'm unable to disable Perl sections, as described here:
http://perl.apache.org/docs/2.0/user/config/config.html#C_Perl_Handler_
So, according to the documentation, I should be able to
Package: libapache2-mod-perl2
Version: 2.0.4-7
Severity: important
I'm unable to disable Perl sections, as described here:
http://perl.apache.org/docs/2.0/user/config/config.html#C_Perl_Handler_
Note: all configuration options and screen output below are indented by
two spaces intentionally.