URL regular expression DoS (CVE-2007-1349)
A flaw was discovered in the Apache::PerlRun module shipped with
mod_perl 1.29 and earlier and in the ModPerl::RegistryCooker module shipped with
mod_perl 2.03 and earlier. A remote attacker could craft a URL with a path that
would be interpreted as a regular expression, potentially allowing a
denial of service by creating an expression that will take a very long
time to run. This vulnerability only affects Apache::PerlRun and
custom subclasses of ModPerl::RegistryCooker that explicitly use the
namespace_from_uri() method. The Apache::Registry, ModPerl::PerlRun,
and ModPerl::Registry modules are NOT affected.
Users of mod_perl 1.29 and earlier are encouraged to upgrade to 1.30 if they use Apache::PerlRun for their applications. Users of mod_perl 2.03 are encouraged to check their custom code for calls to the namespace_from_uri() method and replace them with calls to the namespace_from_filename() method.
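The class of bug described above, as an added example (not code from mod_perl or from this page): a hypothetical routine that strips PATH_INFO from a request URI, first interpolating the client-supplied value into a pattern and then treating it as a literal string. The function names and sample requests are constructed for illustration, and that the affected code performed this exact operation is an assumption.

```perl
use strict;
use warnings;

# Hypothetical helpers (not mod_perl code): derive a script's URI by removing
# the trailing PATH_INFO portion from the request URI.

# Unsafe: $path_info is interpolated into the pattern, so any regex
# metacharacters sent by the client are compiled and executed as a pattern.
sub strip_path_info_unsafe {
    my ($uri, $path_info) = @_;
    $uri =~ s/$path_info$//;
    return $uri;
}

# Safe: \Q...\E (quotemeta) escapes metacharacters, so the client-supplied
# text is matched only as a literal string.
sub strip_path_info_quoted {
    my ($uri, $path_info) = @_;
    $uri =~ s/\Q$path_info\E$//;
    return $uri;
}

# Safe without any regex: compare the suffix and cut it off with substr.
sub strip_path_info_substr {
    my ($uri, $path_info) = @_;
    my $len = length $path_info;
    return $uri unless $len && $len <= length $uri;
    return $uri unless substr($uri, -$len) eq $path_info;
    return substr($uri, 0, length($uri) - $len);
}

# Constructed sample requests: [request URI, PATH_INFO].
my @samples = (
    ['/perl/app.pl/users/42', '/users/42'],   # ordinary request
    ['/perl/app.pl/.*',       '/.*'],         # metacharacters, benign
    ['/perl/app.pl/(',        '/('],          # invalid as a pattern
);

for my $s (@samples) {
    my ($uri, $pi) = @$s;
    # eval catches the error an invalid pattern raises when it is compiled.
    my $unsafe = eval { strip_path_info_unsafe($uri, $pi) };
    $unsafe = 'died: pattern failed to compile' unless defined $unsafe;
    printf "%-24s unsafe=%-34s quoted=%-14s substr=%s\n",
        $uri, "'$unsafe'", strip_path_info_quoted($uri, $pi),
        strip_path_info_substr($uri, $pi);
}
```

For the second sample the unsafe version returns an empty string because `/.*` matches the whole URI, while both safe versions return `/perl/app.pl`; the third sample makes the unsafe version die inside the request.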
Please note!
mod_perl-1.24_01.tar.gz or later is required for Apache >= 1.3.14.
Name                        Last modified       Size  Description
Parent Directory            24-Jul-2008 03:48   -
contrib/                    25-Feb-1999 20:42   -
mod_perl-1.30/              30-Mar-2007 03:14   -
mod_perl-2.0.3/             29-Nov-2006 05:10   -
mod_perl-2.0.4/             17-Apr-2008 03:20   -
HEADER.html.old             22-Mar-2006 19:28   1k
KEYS                        29-Nov-2006 05:36   35k
README                      01-Aug-2002 22:53   4k
mod_perl-1.30.tar.gz        30-Mar-2007 03:14   380k
mod_perl-1.30.tar.gz.asc    30-Mar-2007 03:14   1k
mod_perl-2.0.3.tar.gz       29-Nov-2006 05:32   3.5M
mod_perl-2.0.3.tar.gz.asc   29-Nov-2006 05:32   1k
mod_perl-2.0.4.tar.gz       17-Apr-2008 03:33   3.6M
mod_perl-2.0.4.tar.gz.asc   17-Apr-2008 03:33   1k