
Re: MP1 Security issue (was Re: [mp1] PerlRun fails if path_info contains special symbols)


Randal L. Schwartz wrote:
>>>>>> "Alex" == Alex Solovey <suppressed> writes:
> 
> Alex> The problem is due to unescaped variable interpolation in regular
> Alex> expression $uri =~ /$path_info$/ in sub namespace_from:
> 
> I don't want to raise too many alarms, but this means that every MP1 server
> has a denial-of-service attack against it now.

Not quite. It only affects people running PerlRun. Not insignificant, but
definitely not everyone.

-- 
Michael Peters
Developer
Plus Three, LP
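
The interpolation problem quoted above, next to the escaped form, as an added example that is not part of the original thread or of the mod_perl source. The function names and request values are hypothetical and constructed for illustration; only the `$uri =~ /$path_info$/` match comes from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample requests (not from the original thread).
my @requests = (
    { uri => '/perl-run/app.pl/extra/info', path_info => '/extra/info' },
    { uri => '/perl-run/app.pl/a(b',        path_info => '/a(b' },  # unbalanced paren
);

# Match as quoted in the thread: path_info is compiled as regex syntax,
# so a metacharacter in the request path can make the pattern invalid.
sub ends_with_unescaped {
    my ($uri, $path_info) = @_;
    return $uri =~ /$path_info$/ ? 1 : 0;
}

# Escaped form: \Q...\E (quotemeta) makes path_info match literally.
sub ends_with_escaped {
    my ($uri, $path_info) = @_;
    return $uri =~ /\Q$path_info\E$/ ? 1 : 0;
}

for my $r (@requests) {
    for my $impl ([unescaped => \&ends_with_unescaped],
                  [escaped   => \&ends_with_escaped]) {
        my ($name, $code) = @$impl;
        # eval traps the run-time regex compilation error so both forms
        # can be compared; without it the handler dies on this request.
        my $result = eval { $code->($r->{uri}, $r->{path_info}) };
        if (defined $result) {
            print "$name: path_info '$r->{path_info}' -> match=$result\n";
        }
        else {
            print "$name: path_info '$r->{path_info}' -> died: $@";
        }
    }
}
```

The unescaped form dies on the second request with a regex compilation error, while the escaped form matches both requests.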

