Sun Alert 272230 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" and "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data

Product: Solaris 10, OpenSolaris

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "PerlRun.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

CVE-2009-0796 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796




State: Preliminary
First released: 05-Nov-2009
