Bug 240423 (CVE-2007-1349)

Summary: CVE-2007-1349 mod_perl PerlRun denial of service
Product: [Other] Security Response
Reporter: Joe Orton <jorton>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Version: unspecified
CC: psklenar
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-06-20 15:02:37 UTC
Bug Depends On: 241601, 241642, 241643, 241644, 241879, 241880, 242052, 414291, 414301, 430759, 430760, 430761, 430762, 430763, 430764, 445322, 445330, 449336, 449337    
Bug Blocks: 444136    

Description Joe Orton 2007-05-17 13:56:44 UTC
Description of problem:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl
2.x, do not properly escape PATH_INFO before use in a regular expression,
which allows remote attackers to cause a denial of service (resource
consumption) via a crafted URI.
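
The class of bug described above, as an added example that is not part of the original report and not mod_perl's own code: a request-derived string interpolated into a Perl pattern is compiled as a regular expression unless it is quoted with \Q...\E. The function names and sample URIs are constructed for illustration.

```perl
use strict;
use warnings;

# Unsafe: $path_info is compiled as part of the pattern, so regex
# metacharacters in the request path are interpreted, not matched literally.
sub strip_path_info_unsafe {
    my ($uri, $path_info) = @_;
    (my $script = $uri) =~ s/$path_info$//;
    return $script;
}

# Hardened: \Q...\E applies quotemeta, so every byte of $path_info is literal.
sub strip_path_info_quoted {
    my ($uri, $path_info) = @_;
    (my $script = $uri) =~ s/\Q$path_info\E$//;
    return $script;
}

# Regex-free alternative: compare and cut the suffix by length.
sub strip_path_info_substr {
    my ($uri, $path_info) = @_;
    my $n = length $path_info;
    return $uri if $n == 0 || $n > length $uri;
    return $uri if substr($uri, -$n) ne $path_info;
    return substr($uri, 0, length($uri) - $n);
}

# Constructed sample requests: [URI, PATH_INFO].
my @samples = (
    ['/perl/report.pl/2007/05', '/2007/05'],  # plain path, all variants agree
    ['/perl/report.pl/.*',      '/.*'],       # metacharacters over-match when unescaped
    ['/perl/report.pl/a(b',     '/a(b'],      # unbalanced paren: pattern fails to compile
);

for my $s (@samples) {
    my ($uri, $pi) = @$s;
    # The unsafe variant can die at pattern compile time, so guard it.
    my $unsafe = eval { strip_path_info_unsafe($uri, $pi) };
    $unsafe = 'died: regex compile error' unless defined $unsafe;
    printf "%-26s unsafe=[%s] quoted=[%s] substr=[%s]\n",
        $uri, $unsafe,
        strip_path_info_quoted($uri, $pi),
        strip_path_info_substr($uri, $pi);
}
```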

Comment 7 errata-xmlrpc 2010-08-04 21:32:49 UTC
This issue has been addressed in the following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html