URL regular expression DoS (CVE-2007-1349)
A flaw was discovered in the Apache::PerlRun module shipped with mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that would be interpreted as a regular expression, potentially allowing a denial of service by creating an expression that will take a very long time to run. This vulnerability only affects Apache::PerlRun and custom subclasses of ModPerl::RegistryCooker that explicitly use the namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun, and ModPerl::Registry modules are NOT affected.

Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if they use Apache::PerlRun for their applications. Users of mod_perl 2.03 are encouraged to check their custom code for calls to the namespace_from_uri() method and replace it with the namespace_from_filename() method.

Please note!
mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.

[ICO]NameLast modifiedSizeDescription
[DIR]Parent Directory  -  
[TXT]HEADER.html30-Mar-2007 14:38 1.1K 
[ ]HEADER.html.old22-Mar-2006 23:28 359  
[ ]KEYS29-Nov-2006 09:36 35K 
[ ]README02-Aug-2002 03:53 4.3K 
[DIR]contrib/26-Feb-1999 00:42 -  
[ ]mod_perl-1.30.tar.gz30-Mar-2007 08:14 380K 
[TXT]mod_perl-1.30.tar.gz.asc30-Mar-2007 08:14 186  
[DIR]mod_perl-1.30/30-Mar-2007 08:14 -  
[ ]mod_perl-1.31.tar.gz13-May-2009 04:32 381K 
[TXT]mod_perl-1.31.tar.gz.asc13-May-2009 04:32 194  
[DIR]mod_perl-1.31/12-May-2009 04:04 -  
[ ]mod_perl-2.0.3.tar.gz29-Nov-2006 09:32 3.5M 
[TXT]mod_perl-2.0.3.tar.gz.asc29-Nov-2006 09:32 189  
[DIR]mod_perl-2.0.3/29-Nov-2006 09:10 -  
[ ]mod_perl-2.0.4.tar.gz17-Apr-2008 08:33 3.6M 
[TXT]mod_perl-2.0.4.tar.gz.asc17-Apr-2008 08:33 186  
[DIR]mod_perl-2.0.4/17-Apr-2008 08:20 -  
Apache/2.2.14 (Ubuntu) Server at ftp.unina.it Port 80