Re: Apache mod_perl Status.pm Cross Site Scripting Vulnerability

strajeshkumar · ‎11-25-2009

Dear,

I got report from security team and mentioned that "Apache mod_perl Status.pm Cross Site Scripting Vulnerability" found on the HP UNIX 11.31 server and need to update mod_perl to the latest version as per them suggestion.

I checked in my server and found following information

Perl5-32 D.5.8.8.A 32-bit 5.8.8 Perl Programming Language with Extensions
Perl5-64 D.5.8.8.A 64-bit 5.8.8 Perl Programming Language with Extensions

I tried to find out latest version perl in HP UNIX 11.31 and not able to find out.

Please help me on this.

Sameer_Nirmal · ‎11-25-2009

The latest version of perl available is E.5.8.8.G and you can download it from
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL

I don't know if the latest version has the fix for Status.pm module used by mod_perl but you may want to contact HP S/W support to confirm about it.

The vulnerability is CVE-2009-0796

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0796

strajeshkumar · ‎11-29-2009

Thanks for your response.

Currently we have installaed D.5.8.8.A version.

You have specified E.5.8.8.G. But it is also 5.8.8 version.

kindly let me know whether both are same version or not?

Regards
Shameem.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Apache mod_perl Status.pm Cross Site Scripting Vulnerability

Apache mod_perl Status.pm Cross Site Scripting Vulnerability

Re: Apache mod_perl Status.pm Cross Site Scripting Vulnerability

Re: Apache mod_perl Status.pm Cross Site Scripting Vulnerability