mod_perl *path_info* Denial of Service Vulnerability

Posted on Thursday, March 29, 2007 @ 23:46:22 PDT in Security
by Raven

SECUNIA ADVISORY ID: SA24678

VERIFY ADVISORY: http://secunia.com/advisories/24678/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: >From remote

SOFTWARE:
mod_perl 2.x - http://secunia.com/product/2870/
mod_perl 1.x - http://secunia.com/product/5960/

DESCRIPTION: A vulnerability has been reported in mod_perl, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).


The vulnerability is caused due to a regular expression in "RegistryCooker.pm" (mod_perl 2.x) or "PerlRun.pm" (mod_perl 1.x) that uses the "path_info" variable without properly escaping it. This can be exploited to cause a DoS by sending requests with specially crafted URLs to a vulnerable server.

SOLUTION: Fixed in the SVN repository.

PROVIDED AND/OR DISCOVERED BY: Alex Solovey

ORIGINAL ADVISORY: http://www.gossamer-threads.com/lists/modperl/modperl/92739
 
 
click Related        click Share
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 361,617,557
  • Today: 31,914
Server InfoServer Info
  • Jul 16, 2018
  • 07:39 am PDT
 
 

Daily Inspiration