Sun Alert 272230 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" and "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data

Exploits:

font size: decrease font size increase font size
Rate this article
View Comments
Related content

Product: Solaris 10, OpenSolarisTwo security vulnerabilities exist in the Apache 2 mod_perl2(3) module components which affect the Apache 2.0 web server bundled with Solaris 10 and the Apache 2.2 web server bundled with OpenSolaris. The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm" component (CVE-2007-1349), may allow a remote unprivileged user to cause a Denial of Service to the Apache 2 "httpd" process. The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the "Status.pm" ...

Product: Solaris 10, OpenSolaris

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

CVE-2009-0796 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796

State: Preliminary

First released: 05-Nov-2009

Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-272230-1

Read Full Article

Written on Wednesday, 04 November 2009 19:00 by

Viewed 25 times so far.
Like this? Tweet it to your followers!

Published in Subscribe to the RSS feed of Network Security & Hacking News Network Security & Hacking News / Subscribe to the RSS feed of Global Security News Global Security News

Like this? Let your friends know now!

Rate this article

Latest articles from

Vuln: Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability posted on Thursday, 19 November 2009 11:00
Linux Kernel 'locks_remove_flock()' Local Race Condition Vulnerability
Vuln: Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability posted on Thursday, 19 November 2009 11:00
Linux Kernel '/proc/net/rt_cache' Remote Denial of Service Vulnerability
Vuln: Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness posted on Thursday, 19 November 2009 11:00
Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
Vuln: Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities posted on Thursday, 19 November 2009 11:00
Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
Microsoft: No backdoor in Windows 7 posted on Friday, 20 November 2009 06:37
But NSA admits involvement in OS security guide

Latest 'tweets' from GovernmentSecurity

News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38

blog comments powered by Disqus

back to top