mod_perl2 -- execute arbitrary Perl code
mod_perl2 2.0.11 fixes Arbitrary Perl code execution in the context
of the user account via a user-owned .htaccess.
mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary
Perl code by placing it in a user-owned .htaccess file, because
(contrary to the documentation) there is no configuration option
that permits Perl code for the administrator's control of HTTP
request processing without also permitting unprivileged users
to run Perl code in the context of the user account that runs
Apache HTTP Server processes.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright