perl-docs-cvs mailing list archives

From ge...@apache.org
Subject svn commit: r523447 - /perl/modperl/docs/trunk/src/dist/HEADER.html
Date Wed, 28 Mar 2007 20:08:29 GMT
Author: geoff
Date: Wed Mar 28 13:08:27 2007
New Revision: 523447

URL: http://svn.apache.org/viewvc?view=rev&rev=523447
Log:
add in CVE-2007-1349 note

Modified:
    perl/modperl/docs/trunk/src/dist/HEADER.html

Modified: perl/modperl/docs/trunk/src/dist/HEADER.html
URL: http://svn.apache.org/viewvc/perl/modperl/docs/trunk/src/dist/HEADER.html?view=diff&rev=523447&r1=523446&r2=523447
==============================================================================
--- perl/modperl/docs/trunk/src/dist/HEADER.html (original)
+++ perl/modperl/docs/trunk/src/dist/HEADER.html Wed Mar 28 13:08:27 2007
@@ -2,6 +2,25 @@
 <img src="../images/logo/mod_perl_logo.jpg">
 </center>
 <p>
+<b>URL regular expression DoS (CVE-2007-1349)</b><br>
+A flaw was discovered in the Apache::PerlRun module shipped with
+mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with
+mod_perl 2.03 and earlier.  A remote attacker could craft a URL with a path that
+would be interpreted as a regular expression, potentially allowing a
+denial of service by creating an expression that will take a very long
+time to run.  This vulnerability only affects Apache::PerlRun and
+custom subclasses of ModPerl::RegistryCooker that explicitly use the
+namespace_from_uri() method.  The Apache::Registry, ModPerl::PerlRun,
+and ModPerl::Registry modules are NOT affected.
+</p>
+<p>
+Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if
+they use Apache::PerlRun for their applications.  Users of mod_perl 2.03
+are encouraged to check their custom code for calls to the
+namespace_from_uri() method and replace it with the
+namespace_from_filename() method.
+</p>
+<p>
 <b>Please note!</b><br>
 mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.
 </p>
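Review bot: The second added paragraph says "Users of mod_perl 2.03", while the first paragraph scopes the flaw to "mod_perl 2.03 and earlier". Readers on older 2.x releases could conclude the advice does not apply to them, so suggest "Users of mod_perl 2.03 and earlier" there as well. The 1.x sentence names a release to upgrade to (1.30), but the 2.x sentence names none. If replacing namespace_from_uri() with namespace_from_filename() is the only remedy for 2.x at this point, say so explicitly so readers do not wait for a release the note never mentions.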


