mod_perl *path_info* Denial of Service Vulnerability

Posted on Thursday, March 29, 2007 @ 23:46:22 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA24678

VERIFY ADVISORY: http://secunia.com/advisories/24678/

CRITICAL: Moderately critical

IMPACT: DoS

WHERE: From remote

SOFTWARE:
mod_perl 2.x - http://secunia.com/product/2870/
mod_perl 1.x - http://secunia.com/product/5960/

DESCRIPTION: A vulnerability has been reported in mod_perl, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by a regular expression in "RegistryCooker.pm" (mod_perl 2.x) or "PerlRun.pm" (mod_perl 1.x) that uses the "path_info" variable without properly escaping it. This can be exploited to cause a DoS by sending requests with specially crafted URLs to a vulnerable server.
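The bug class described above, as an added Perl example (not the mod_perl source and not part of the advisory): a request-derived value interpolated into a pattern is compiled as regex syntax unless it is quoted with \Q...\E. The function names and sample values are constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: remove the trailing path_info from a URI, unsafely.
sub strip_unsafe {
    my ($uri, $path_info) = @_;
    # $path_info is interpolated as pattern syntax, so metacharacters taken
    # from the request are compiled and run by the regex engine.
    $uri =~ s/$path_info$//;
    return $uri;
}

# Hypothetical helper: same operation with the value quoted.
sub strip_safe {
    my ($uri, $path_info) = @_;
    # \Q...\E applies quotemeta, so the value only ever matches literally.
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Constructed samples: [ request URI, path_info ]
my @samples = (
    [ '/perl/app.pl/extra/info', '/extra/info' ],  # no metacharacters
    [ '/perl/app.pl/a+b',        '/a+b' ],         # '+' read as a quantifier
    [ '/perl/app.pl/a(b',        '/a(b' ],         # unbalanced group
);

for my $s (@samples) {
    my ($uri, $path_info) = @$s;

    # The unsafe form can die while compiling the pattern, so trap that.
    my $unsafe = eval { strip_unsafe($uri, $path_info) };
    $unsafe = 'pattern error: ' . (split /;/, $@)[0] unless defined $unsafe;

    my $safe = strip_safe($uri, $path_info);
    printf "%-12s unsafe=%-36s safe=%s\n", $path_info, $unsafe, $safe;
}
```

Only the quoted form strips all three samples back to the script path; the unquoted form leaves the second URI unchanged and fails to compile the third.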

SOLUTION: Fixed in the SVN repository.

PROVIDED AND/OR DISCOVERED BY: Alex Solovey

ORIGINAL ADVISORY: http://www.gossamer-threads.com/lists/modperl/modperl/92739