PT-2014-3115 · Apache+5 · Apache Http Server+5

Amin Tora

Publicado

2014-03-17

Atualizado

2024-06-15

CVE-2013-6438

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.8

Description The issue arises from the dav xml get cdata function in the mod dav module, which fails to properly remove whitespace characters from CDATA sections. This allows remote attackers to cause a denial of service (daemon crash) by sending a crafted DAV WRITE request.

Recommendations For versions prior to 2.4.8, update to version 2.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the mod dav module until a patch is applied.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

ALT-PU-2015-1890

CESA-2014_0370

CVE-2013-6438

DLA-66-1

HPSBUX03102

HPSBUX03150

MGASA-2014-0135

OPENSUSE-SU-2014_0969-1

OPENSUSE-SU-2024:10268-1

RHSA-2014:0369

RHSA-2014:0370

RHSA-2014:0783

RHSA-2014:0826

RHSA-2014_0369

RHSA-2014_0370

SUSE-SU-2014_0967-1

SUSE-SU-2014_1080-1

SUSE-SU-2014_1081-1

SUSE-SU-2015:0689-1

Produtos afetados

Alt Linux

Apache Http Server

Centos

Hp-Ux

Red Hat

Suse

PT-2014-3115 · Apache+5 · Apache Http Server+5

CVE-2013-6438

Identificadores relacionados

Produtos afetados

Referências · 214