CVE-2007-1349 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-1349
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-1349

Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-488-1 TRUSTIX http://www.trustix.org/errata/2007/0023/ SUSE http://www.novell.com/linux/security/advisories/2007_12_sr.html http://www.novell.com/linux/security/advisories/2007_8_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1 ST 1018259 SGI SAID Secunia Advisory: SA25894 Secunia Advisory: SA25730 Secunia Advisory: SA25655 Secunia Advisory: SA25432 Secunia Advisory: SA25072 Secunia Advisory: SA25110 Secunia Advisory: SA24839 Secunia Advisory: SA24678 Secunia Advisory: SA26084 Secunia Advisory: SA26231 Secunia Advisory: SA26290 Secunia Advisory: SA31493 Secunia Advisory: SA31490 Secunia Advisory: SA33720 Secunia Advisory: SA33723 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0627.html http://www.redhat.com/support/errata/RHSA-2008-0261.html http://rhn.redhat.com/errata/RHSA-2008-0630.html http://www.redhat.com/support/errata/RHSA-2007-0396.html http://www.redhat.com/support/errata/RHSA-2007-0486.html http://rhn.redhat.com/errata/RHSA-2007-0395.html MISC http://www.gossamer-threads.com/lists/modperl/modperl/92739 MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:083 GENTOO http://security.gentoo.org/glsa/glsa-200705-04.xml CONFIRM http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm BID 23192

Return to the previous page.