Bug 240423 – CVE-2007-1349 mod_perl PerlRun denial of service

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 240423 - (CVE-2007-1349) CVE-2007-1349 mod_perl PerlRun denial of service

Summary:	CVE-2007-1349 mod_perl PerlRun denial of service

Status:	CLOSED ERRATA

Aliases:	CVE-2007-1349

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	source=internet,reported=20070517,imp...
Keywords:	Security

Depends On:	414291 449336 241601 241642 241643 241644 241879 241880 242052 414301 430759 430760 430761 430762 430763 430764 445322 445330 449337
Blocks:	444136
	Show dependency tree / graph

Reported:	2007-05-17 09:56 EDT by Joe Orton
Modified:	2010-08-04 17:32 EDT (History)
CC List:	1 user (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-06-20 11:02:37 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:0395	normal	SHIPPED_LIVE	Low: mod_perl security update	2008-01-07 13:11:32 EST
Red Hat Product Errata	RHSA-2007:0396	normal	SHIPPED_LIVE	Low: mod_perl security update	2007-06-20 10:57:02 EDT
Red Hat Product Errata	RHSA-2007:0486	normal	SHIPPED_LIVE	Moderate: mod_perl security update	2007-06-18 05:13:18 EDT
Red Hat Product Errata	RHSA-2008:0263	normal	SHIPPED_LIVE	Low: Red Hat Network Proxy Server security update	2008-05-20 10:14:27 EDT
Red Hat Product Errata	RHSA-2008:0627	normal	SHIPPED_LIVE	Low: Red Hat Network Proxy Server security update	2008-08-13 10:14:52 EDT
Red Hat Product Errata	RHSA-2008:0630	normal	SHIPPED_LIVE	Low: Red Hat Network Satellite Server security update	2008-08-13 10:55:17 EDT
Red Hat Product Errata	RHSA-2010:0602	normal	SHIPPED_LIVE	Moderate: Red Hat Certificate System 7.3 security update	2010-08-05 10:04:51 EDT

Groups: None (edit)

Description Joe Orton 2007-05-17 09:56:44 EDT

Description of problem:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl
2.x, does not properly escape PATH_INFO before use in a regular expression,
which allows remote attackers to cause a denial of service (resource
consumption) via a crafted URI.

Comment 7 errata-xmlrpc 2010-08-04 17:32:49 EDT

This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html

Note You need to log in before you can comment on or make changes to this bug.