URL regular expression DoS (CVE-2007-1349)
A flaw was discovered in the Apache::PerlRun module shipped with
mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with
mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that
would be interpreted as a regular expression, potentially allowing a
denial of service by creating an expression that will take a very long
time to run. This vulnerability only affects Apache::PerlRun and
custom subclasses of ModPerl::RegistryCooker that explicitly use the
namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun,
and ModPerl::Registry modules are NOT affected.
Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if they use Apache::PerlRun for their applications. Users of mod_perl 2.03 are encouraged to check their custom code for calls to the namespace_from_uri() method and replace it with the namespace_from_filename() method.
Please note!
mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.
Name Last modified Size Description
Parent Directory - Perl project
mod_perl-1.31/ 12-May-2009 11:34 - Perl project
mod_perl-2.0.5/ 08-Feb-2011 08:43 - Perl project
mod_perl-2.0.6/ 25-Apr-2012 15:01 - Perl project
KEYS 04-Feb-2011 07:06 39K Developer PGP/GPG keys
mod_perl-1.31.tar.gz 13-May-2009 12:02 381K Perl project
mod_perl-1.31.tar.gz.asc 13-May-2009 12:02 194 PGP signature
mod_perl-2.0.5.tar.gz 08-Feb-2011 10:05 3.6M Perl project
mod_perl-2.0.5.tar.gz.asc 08-Feb-2011 10:05 487 PGP signature
mod_perl-2.0.6.tar.gz 26-Apr-2012 01:04 3.6M Perl project
mod_perl-2.0.6.tar.gz.asc 26-Apr-2012 01:04 495 PGP signature