FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-1349

This CVE name corresponds to:

Entered Topic
2007-04-24 mod_perl -- remote DoS in PATH_INFO parsing

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2007-1349
Phase: Assigned (20070308)

Description

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

References

Source Reference
MISC http://www.gossamer-threads.com/lists/modperl/modperl/92739
CONFIRM http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
GENTOO GLSA-200705-04
MANDRIVA MDKSA-2007:083
REDHAT RHSA-2007:0395
REDHAT RHSA-2007:0486
REDHAT RHSA-2007:0396
REDHAT RHSA-2008:0261
REDHAT RHSA-2008:0630
REDHAT RHSA-2008:0627
SGI 20070602-01-P
SUNALERT 248386
SUNALERT 1021508
SUSE SUSE-SR:2007:008
SUSE SUSE-SR:2007:012
TRUSTIX 2007-0023
UBUNTU USN-488-1
BID 23192
OVAL oval:org.mitre.oval:def:10987
OVAL oval:org.mitre.oval:def:8349
VUPEN ADV-2007-1150
SECTRACK 1018259
SECUNIA 24678
SECUNIA 24839
SECUNIA 25110
SECUNIA 25072
SECUNIA 25432
SECUNIA 25655
SECUNIA 25730
SECUNIA 25894
SECUNIA 26084
SECUNIA 26231
SECUNIA 26290
SECUNIA 31493
SECUNIA 31490
SECUNIA 33720
SECUNIA 33723
XF modperl-pathinfo-dos(33312)