Mandriva Linux Security Advisory : mod_perl (MDVSA-2009:091-1)
Low Nessus Plugin ID 37785
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been found and corrected in mod_perl v1.x and v2.x :
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI (CVE-2009-0796).
The updated packages have been patched to correct these issues.
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
SolutionUpdate the affected apache-mod_perl and / or apache-mod_perl-devel packages.