OpenPKG Security Advisory
OpenPKG-SA-2007.011
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.011 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.011 Advisory Published: 2008-08-07 21:57 UTC Issue Id (internal): OpenPKG-SI-20070329.01 Issue First Created: 2007-03-29 Issue Last Modified: 2007-05-17 Issue Revision: 06
Subject Name: Apache/mod_perl Subject Summary: Perl Extension Module for Apache Subject Home: http://perl.apache.org/ Subject Versions: 1.* <= 1.29 Vulnerability Id: CVE-2007-1349 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: remote network Attack Impact: denial of service Description: A vulnerability exists [0] in the Apache extension module mod_perl [1], which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a regular expression in "PerlRun.pm" that uses the "path_info" variable without properly escaping it [2]. This can be exploited to cause a DoS by sending requests with specially crafted URLs to a vulnerable server [3][4]. References: [0] http://www.gossamer-threads.com/lists/modperl/modperl/92739 [1] http://perl.apache.org/ [2] http://svn.apache.org/viewvc?view=rev&revision=521582 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349 [4] http://secunia.com/advisories/24678/
Primary Package Name: apache Primary Package Home: http://openpkg.org/go/package/apache Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID apache-1.3.37-E1.0.3 OpenPKG Community CURRENT apache-1.3.37-20070324 OpenPKG Community CURRENT apache-php4-1.3.37-20070324 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID apache-1.3.37-E1.0.4 OpenPKG Community CURRENT apache-1.3.37-20070329 OpenPKG Community CURRENT apache-php4-1.3.37-20070329
