Vulnerability CVE-2007-1349


Published: 2007-03-29   Modified: 2011-03-07

Description:
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Type:

CWE-399

(Resource Management Errors)

Vendor: Apache
Product: Mod perl 
Version:
2.0.3
2.0.2
2.0.1
2.0.0
Product: Apache test 
Version: 1.29;
Product: Http server 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/23192
http://www.vupen.com/english/advisories/2007/1150
http://www.ubuntu.com/usn/usn-488-1
http://www.securitytracker.com/id?1018259
http://www.redhat.com/support/errata/RHSA-2008-0627.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.redhat.com/support/errata/RHSA-2007-0486.html
http://www.redhat.com/support/errata/RHSA-2007-0396.html
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:083
http://www.gossamer-threads.com/lists/modperl/modperl/92739
http://svn.apache.org/repos/asf/perl/modperl/branches/1.x/Changes
http://support.avaya.com/elmodocs2/security/ASA-2007-293.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021508.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-248386-1
http://security.gentoo.org/glsa/glsa-200705-04.xml
http://secunia.com/advisories/33723
http://secunia.com/advisories/33720
http://secunia.com/advisories/31493
http://secunia.com/advisories/31490
http://secunia.com/advisories/26290
http://secunia.com/advisories/26231
http://secunia.com/advisories/26084
http://secunia.com/advisories/25894
http://secunia.com/advisories/25730
http://secunia.com/advisories/25655
http://secunia.com/advisories/25432
http://secunia.com/advisories/25110
http://secunia.com/advisories/25072
http://secunia.com/advisories/24839
http://secunia.com/advisories/24678
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://rhn.redhat.com/errata/RHSA-2007-0395.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8349
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10987
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc

Related CVE
CVE-2015-3254
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
CVE-2017-7676
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.
CVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.
CVE-2016-8751
Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
CVE-2016-8746
Apache Ranger before 0.6.3 policy engine incorrectly matches paths in certain conditions when policy does not contain wildcards and has recursion flag set to true.
CVE-2017-7667
Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the response header telling browsers to only allow framing with the same origin.
CVE-2017-7665
In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain user input components in the UI which had been guarding for some forms of XSS issues but were insufficient.
CVE-2015-5175
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.

Copyright 2017, cxsecurity.com