FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mod_perl -- remote DoS in PATH_INFO parsing

Affected packages
mod_perl < 1.30
mod_perl2 < 2.0.3_2,3

Details

VuXML ID ef2ffb03-f2b0-11db-ad25-0010b5a0a860
Discovery 2007-03-29
Entry 2007-04-24
Modified 2007-06-27

Mandriva reports:

PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

References

CVE Name CVE-2007-1349
URL http://secunia.com/advisories/24839
URL http://www.mandriva.com/security/advisories?name=MDKSA-2007:083