CVE-2007-1349

Currently unrated

Key Information:

Vendor: Apache
Status: Mod Perl
Vendor: CVE Published:; 30 March 2007

Summary

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

References

http://secunia.com/advisories/26231

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1018259

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/25894

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 30, 2007
Vulnerability Reserved
Mar 8, 2007