Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 272230 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" and "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Informations
Name SUN-272230 First vendor Publication 2009-11-05
Vendor Sun Last vendor Modification 2009-12-02
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10, OpenSolaris

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://www.security-database.com/detail.php?cve=CVE-2007-1349

CVE-2009-0796 at:

http://www.security-database.com/detail.php?cve=CVE-2009-0796
State: Resolved
First released: 05-Nov-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_272230_security_vulnerabilities

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
50 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10987
 
Oval ID: oval:org.mitre.oval:def:10987
Title: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1349
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21702
 
Oval ID: oval:org.mitre.oval:def:21702
Title: ELSA-2007:0395: mod_perl security update (Low)
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: patch
Reference(s): ELSA-2007:0395-02
CVE-2007-1349
Version: 6
Platform(s): Oracle Linux 5
Product(s): mod_perl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8349
 
Oval ID: oval:org.mitre.oval:def:8349
Title: Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Description: PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
Family: unix Class: vulnerability
Reference(s): CVE-2007-1349
Version: 2
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8488
 
Oval ID: oval:org.mitre.oval:def:8488
Title: Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
Description: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0796
Version: 2
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 1
Os 3
Os 3
Os 1
Os 3
Os 3

OpenVAS Exploits

Date Description
2011-09-07 Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122912-19
File : nvt/gb_solaris_122912_19.nasl
2010-02-03 Name : Solaris Update for Apache 1.3 122911-19
File : nvt/gb_solaris_122911_19.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:091-1 (mod_perl)
File : nvt/mdksa_2009_091_1.nasl
2009-10-10 Name : SLES9: Security update for mod_perl
File : nvt/sles9p5019089.nasl
2009-05-20 Name : FreeBSD Ports: mod_perl
File : nvt/freebsd_mod_perl0.nasl
2009-04-24 Name : Mod_Perl Path_Info Remote Denial Of Service Vulnerability
File : nvt/modperl_cve_2007_1349.nasl
2009-04-20 Name : Ubuntu USN-757-1 (gs-gpl)
File : nvt/ubuntu_757_1.nasl
2009-04-15 Name : Mandrake Security Advisory MDVSA-2009:091 (mod_perl)
File : nvt/mdksa_2009_091.nasl
2009-04-13 Name : Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting V...
File : nvt/modperl_cve_2009_0796.nasl
2009-04-09 Name : Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
File : nvt/gb_mandriva_MDKSA_2007_083.nasl
2009-03-23 Name : Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
File : nvt/gb_ubuntu_USN_488_1.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-577
File : nvt/gb_fedora_2007_577_mod_perl_fc6.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-576
File : nvt/gb_fedora_2007_576_mod_perl_fc5.nasl
2009-02-27 Name : Fedora Update for mod_perl FEDORA-2007-0316
File : nvt/gb_fedora_2007_0316_mod_perl_fc7.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200705-04 (mod_perl)
File : nvt/glsa_200705_04.nasl
2008-09-04 Name : FreeBSD Ports: mod_perl
File : nvt/freebsd_mod_perl.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
53289 Apache mod_perl Apache::Status /perl-status Unspecified XSS

34541 mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remot...

The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the RegistryCooker.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.
34540 mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS

The mod_perl module for Apache HTTP Server contains a flaw that may allow a remote attacker to cause a denial of service. The issue is due to the PerlRun.pm script not properly escaping the PATH_INFO variable before use in a regular expression. With specially crafted requests, an attacker can exhaust resources and cause the server to stop responding.

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2008-0627.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0523.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0263.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20070614_mod_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10 Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0630.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0524.nasl - Type : ACT_GATHER_INFO
2010-01-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0261.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11496.nasl - Type : ACT_GATHER_INFO
2009-05-18 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_4a63889541b711deb1cc00219b0fc4d8.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-091.nasl - Type : ACT_GATHER_INFO
2009-04-07 Name : The remote web server uses a module that is affected by a cross-site scriptin...
File : mod_perl_status_uri_xss.nasl - Type : ACT_GATHER_INFO
2007-11-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-488-1.nasl - Type : ACT_GATHER_INFO
2007-11-06 Name : The remote Fedora host is missing a security update.
File : fedora_2007-0316.nasl - Type : ACT_GATHER_INFO
2007-06-18 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2007-0486.nasl - Type : ACT_GATHER_INFO
2007-06-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0395.nasl - Type : ACT_GATHER_INFO
2007-06-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-577.nasl - Type : ACT_GATHER_INFO
2007-06-12 Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-576.nasl - Type : ACT_GATHER_INFO
2007-05-03 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200705-04.nasl - Type : ACT_GATHER_INFO
2007-04-30 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_ef2ffb03f2b011dbad250010b5a0a860.nasl - Type : ACT_GATHER_INFO
2007-04-12 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-083.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122911-37
File : solaris10_122911.nasl - Type : ACT_GATHER_INFO
2006-07-18 Name : The remote host is missing Sun Security Patch number 122912-37
File : solaris10_x86_122912.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116973-07
File : solaris8_116973.nasl - Type : ACT_GATHER_INFO
2004-10-17 Name : The remote host is missing Sun Security Patch number 116974-07
File : solaris8_x86_116974.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 113146-13
File : solaris9_113146.nasl - Type : ACT_GATHER_INFO
2004-07-12 Name : The remote host is missing Sun Security Patch number 114145-12
File : solaris9_x86_114145.nasl - Type : ACT_GATHER_INFO