Apache · Apache Http Server · CVE-2013-6438
**Name of the Vulnerable Software and Affected Versions**
Apache HTTP Server versions prior to 2.4.8
**Description**
The issue arises from the `dav xml get cdata` function in the mod dav module, which fails to properly remove whitespace characters from CDATA sections. This allows remote attackers to cause a denial of service (daemon crash) by sending a crafted DAV WRITE request.
**Recommendations**
For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod dav module until a patch is applied.