svn commit: r523447 - /perl/modperl/docs/trunk/src/dist/HEADER.html
Author: geoff
Date: Wed Mar 28 13:08:27 2007
New Revision: 523447

URL: http://svn.apache.org/viewvc?view=rev&rev=523447
Log:
add in CVE-2007-1349 note

Modified:
perl/modperl/docs/trunk/src/dist/HEADER.html

Modified: perl/modperl/docs/trunk/src/dist/HEADER.html
URL: http://svn.apache.org/viewvc/perl/modperl/docs/trunk/src/dist/HEADER.html?view=diff&rev=523447&r1=523446&r2=523447
==============================================================================
--- perl/modperl/docs/trunk/src/dist/HEADER.html (original)
+++ perl/modperl/docs/trunk/src/dist/HEADER.html Wed Mar 28 13:08:27 2007
@@ -2,6 +2,25 @@
<img src="../images/logo/mod_perl_logo.jpg">
</center>
<p>
+<b>URL regular expression DoS (CVE-2007-1349)</b><br>
+A flaw was discovered in the Apache::PerlRun module shipped with
+mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with
+mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that
+would be interpreted as a regular expression, potentially allowing a
+denial of service by creating an expression that will take a very long
+time to run. This vulnerability only affects Apache::PerlRun and
+custom subclasses of ModPerl::RegistryCooker that explicitly use the
+namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun,
+and ModPerl::Registry modules are NOT affected.
+</p>
+<p>
+Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if
+they use Apache::PerlRun for their applications. Users of mod_perl 2.03
+are encouraged to check their custom code for calls to the
+namespace_from_uri() method and replace it with the
+namespace_from_filename() method.
+</p>
+<p>
<b>Please note!</b><br>
mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.
</p>
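Review bot: The second added paragraph says "Users of mod_perl 2.03" where the first paragraph says "mod_perl 2.03 and earlier" for the same branch, so users of older 2.x releases could read the advice as not applying to them; suggest "Users of mod_perl 2.03 and earlier". The 1.x advice names a fixed release (1.30), while the 2.x advice gives only the code change, so it would help to state whether replacing namespace_from_uri() with namespace_from_filename() is the complete remedy for 2.x or whether a fixed release is also planned. The first paragraph lists Apache::PerlRun as affected and ModPerl::PerlRun as not affected; the names are close enough to misread, so consider noting next to each module which mod_perl generation it ships with.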


