CVE-2013-1896

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.2.25

Description The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault. This can be achieved by sending a MERGE request where the URI is configured for handling by the mod dav svn module, but a certain href attribute in XML data refers to a non-DAV URI. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Apache HTTP Server versions prior to 2.2.25, update to version 2.2.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod dav svn module to minimize the risk of exploitation.