« Sun Alert 266388... | Main | Sun Alert 266488... »
05 Nov 2009 Sun Alert 272230 Security Vulnerabilities in the Apache 2 "mod_perl2" Module Components "PerlRun.pm" and "Status.pm" May Lead to Denial of Service (DoS) or Unauthorized Access to Data
posted by chandan in Alerts
Product: Solaris 10, OpenSolaris

Two security vulnerabilities exist in the Apache 2 mod_perl2(3) module
components which affect the Apache 2.0 web server bundled with Solaris
10 and the Apache 2.2 web server bundled with OpenSolaris.

The first issue, a Denial of Service (DoS) vulnerability in the "RunPerl.pm"
component (CVE-2007-1349), may allow a remote unprivileged user to
cause a Denial of Service to the Apache 2 "httpd" process.

The second issue, a Cross Site Scripting (CSS or XSS) vulnerability in the
"Status.pm" component (CVE-2009-0796), may allow a remote unprivileged
user to inject arbitrary web script or HTML. This may allow the unprivileged
user to bypass access control and gain access to unauthorized data.

Additional information regarding these issues is available at:

CVE-2007-1349 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

CVE-2009-0796 at:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796




State: Preliminary
First released: 05-Nov-2009
Sun Alert Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-272230-1
Permalink |
Comments:

Post a Comment:

Comments are closed for this entry.

« Sun Alert 266388... | Main | Sun Alert 266488... »

Sun Certified Security Administrator

Download Solaris
Patches and Updates
Download Solaris Security Toolkit

« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today


Company Info   |   Contact   |   Terms of Use   |   Privacy   |   Trademarks   |   Copyright 2008 Sun Microsystems, Inc.