URL regular expression DoS (CVE-2007-1349)
A flaw was discovered in the Apache::PerlRun module shipped with
mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with
mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that
would be interpreted as a regular expression, potentially allowing a
denial of service by creating an expression that will take a very long
time to run. This vulnerability only affects Apache::PerlRun and
custom subclasses of ModPerl::RegistryCooker that explicitly use the
namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun,
and ModPerl::Registry modules are NOT affected.
Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if they use Apache::PerlRun for their applications. Users of mod_perl 2.03 are encouraged to check their custom code for calls to the namespace_from_uri() method and replace it with the namespace_from_filename() method.
Please note!
mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.
Name Last modified Size DescriptionApache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4 PHP/5.2.6 Server at download.filehat.com Port 80
Parent Directory - Perl project contrib/ 26-Feb-1999 10:42 - Perl project mod_perl-1.30/ 30-Mar-2007 16:13 - Perl project mod_perl-2.0.2/ 21-Oct-2005 10:38 - Perl project mod_perl-2.0.3/ 29-Nov-2006 19:10 - Perl project HEADER.html 30-Mar-2007 22:38 1.1K Perl project HEADER.html.old 23-Mar-2006 09:27 359 Perl projectKEYS 29-Nov-2006 19:35 35K Developer PGP/GPG keys README 02-Aug-2002 11:52 4.3K Perl project mod_perl-1.30.tar.gz 30-Mar-2007 16:13 380K Perl project