PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, do not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://rhn.redhat.com/errata/RHSA-2007-0395.html
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/24678
http://secunia.com/advisories/24839
http://secunia.com/advisories/25072
http://secunia.com/advisories/25110
http://secunia.com/advisories/25432
http://secunia.com/advisories/25655
http://secunia.com/advisories/25730
http://secunia.com/advisories/25894
http://secunia.com/advisories/26084
http://secunia.com/advisories/26231
http://secunia.com/advisories/26290
http://secunia.com/advisories/31490
http://secunia.com/advisories/31493
http://secunia.com/advisories/33720
http://secunia.com/advisories/33723
http://security.gentoo.org/glsa/glsa-200705-04.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.redhat.com/support/errata/RHSA-2007-0396.html
http://www.redhat.com/support/errata/RHSA-2007-0486.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2008-0627.html
http://www.securityfocus.com/bid/23192
http://www.securitytracker.com/id?1018259
http://www.trustix.org/errata/2007/0023/
http://www.ubuntu.com/usn/usn-488-1
http://www.vupen.com/english/advisories/2007/1150
https://exchange.xforce.ibmcloud.com/vulnerabilities/33312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8349
OR
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:mod_perl:*:*:*:*:*:*:*:* versions from 2.0.0 to 2.0.11 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
OR
cpe:2.3:a:redhat:network_satellite:5.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
107888 | Solaris 10 (x86) : 122912-37 | Nessus | Solaris Local Security Checks | medium |
107887 | Solaris 10 (x86) : 122912-36 | Nessus | Solaris Local Security Checks | medium |
107886 | Solaris 10 (x86) : 122912-35 | Nessus | Solaris Local Security Checks | medium |
107885 | Solaris 10 (x86) : 122912-34 | Nessus | Solaris Local Security Checks | medium |
107884 | Solaris 10 (x86) : 122912-33 | Nessus | Solaris Local Security Checks | medium |
107883 | Solaris 10 (x86) : 122912-32 | Nessus | Solaris Local Security Checks | medium |
107386 | Solaris 10 (sparc) : 122911-37 | Nessus | Solaris Local Security Checks | medium |
107385 | Solaris 10 (sparc) : 122911-36 | Nessus | Solaris Local Security Checks | medium |
107384 | Solaris 10 (sparc) : 122911-35 | Nessus | Solaris Local Security Checks | medium |
107383 | Solaris 10 (sparc) : 122911-34 | Nessus | Solaris Local Security Checks | medium |
107382 | Solaris 10 (sparc) : 122911-33 | Nessus | Solaris Local Security Checks | medium |
107381 | Solaris 10 (sparc) : 122911-32 | Nessus | Solaris Local Security Checks | medium |
67508 | Oracle Linux 3 / 4 / 5 : mod_perl (ELSA-2007-0395) | Nessus | Oracle Linux Local Security Checks | medium |
63859 | RHEL 4 : Proxy Server (RHSA-2008:0627) | Nessus | Red Hat Local Security Checks | medium |
63857 | RHEL 3 / 4 : Proxy Server (RHSA-2008:0523) | Nessus | Red Hat Local Security Checks | high |
63853 | RHEL 4 : Proxy Server (RHSA-2008:0263) | Nessus | Red Hat Local Security Checks | medium |
60211 | Scientific Linux Security Update : mod_perl on SL5.x, SL4.x, SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
43840 | RHEL 4 : Satellite Server (RHSA-2008:0630) | Nessus | Red Hat Local Security Checks | medium |
43837 | RHEL 3 / 4 : Satellite Server (RHSA-2008:0524) | Nessus | Red Hat Local Security Checks | critical |
43835 | RHEL 4 : Satellite Server (RHSA-2008:0261) | Nessus | Red Hat Local Security Checks | critical |
41127 | SuSE9 Security Update : mod_perl (YOU Patch Number 11496) | Nessus | SuSE Local Security Checks | medium |
28089 | Ubuntu 6.06 LTS / 6.10 / 7.04 : libapache2-mod-perl2 vulnerability (USN-488-1) | Nessus | Ubuntu Local Security Checks | medium |
27658 | Fedora 7 : mod_perl-2.0.3-9.1.fc7 (2007-0316) | Nessus | Fedora Local Security Checks | medium |
25539 | RHEL 2.1 : mod_perl (RHSA-2007:0486) | Nessus | Red Hat Local Security Checks | medium |
25526 | CentOS 3 / 4 / 5 : mod_perl (CESA-2007:0395) | Nessus | CentOS Local Security Checks | medium |
25519 | RHEL 3 / 4 / 5 : mod_perl (RHSA-2007:0395) | Nessus | Red Hat Local Security Checks | medium |
25154 | GLSA-200705-04 : Apache mod_perl: Denial of Service | Nessus | Gentoo Local Security Checks | medium |
25103 | FreeBSD : mod_perl -- remote DoS in PATH_INFO parsing (ef2ffb03-f2b0-11db-ad25-0010b5a0a860) | Nessus | FreeBSD Local Security Checks | medium |
25034 | Mandrake Linux Security Advisory : apache-mod_perl (MDKSA-2007:083) | Nessus | Mandriva Local Security Checks | medium |
22063 | Solaris 10 (x86) : 122912-37 (deprecated) | Nessus | Solaris Local Security Checks | medium |
22060 | Solaris 10 (sparc) : 122911-37 (deprecated) | Nessus | Solaris Local Security Checks | medium |
15483 | Solaris 8 (x86) : 116974-07 | Nessus | Solaris Local Security Checks | critical |
15482 | Solaris 8 (sparc) : 116973-07 | Nessus | Solaris Local Security Checks | critical |
13593 | Solaris 9 (x86) : 114145-12 | Nessus | Solaris Local Security Checks | critical |
13530 | Solaris 9 (sparc) : 113146-13 | Nessus | Solaris Local Security Checks | critical |