CVE-2013-1896

First published: Wed Jul 10 2013(Updated: )

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache HTTP server	>=2.2.0<2.2.25
Apache HTTP server	>=2.4.1<2.4.6
Redhat Jboss Enterprise Application Platform	=6.0.0
Redhat Jboss Enterprise Application Platform	=6.4.0
Redhat Enterprise Linux	=5.0
Redhat Enterprise Linux	=6.0
Redhat Enterprise Linux Desktop	=5.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Eus	=5.9
Redhat Enterprise Linux Eus	=6.4
Redhat Enterprise Linux Server	=5.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server Aus	=5.9
Redhat Enterprise Linux Server Aus	=6.4
Redhat Enterprise Linux Workstation	=5.0
Redhat Enterprise Linux Workstation	=6.0
Canonical Ubuntu Linux	=10.04
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=12.10
Canonical Ubuntu Linux	=13.04
openSUSE openSUSE	=11.4
openSUSE openSUSE	=12.2
openSUSE openSUSE	=12.3

Remedy

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h

Never miss a vulnerability like this again

Reference Links

agent/type
agent/first-publish-date
agent/last-modified-date
agent/references
agent/remedy
agent/severity
agent/author
agent/description
agent/event
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
collector/mitre-cve
source/MITRE
vendor/apache
canonical/apache http server
version/apache http server/2.2.0
version/apache http server/2.4.1
vendor/redhat
canonical/redhat jboss enterprise application platform
version/redhat jboss enterprise application platform/6.0.0
version/redhat jboss enterprise application platform/6.4.0
canonical/redhat enterprise linux
version/redhat enterprise linux/5.0
version/redhat enterprise linux/6.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/5.0
version/redhat enterprise linux desktop/6.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/5.9
version/redhat enterprise linux eus/6.4
canonical/redhat enterprise linux server
version/redhat enterprise linux server/5.0
version/redhat enterprise linux server/6.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/5.9
version/redhat enterprise linux server aus/6.4
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/5.0
version/redhat enterprise linux workstation/6.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/10.04
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/12.10
version/canonical ubuntu linux/13.04
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/11.4
version/opensuse opensuse/12.2
version/opensuse opensuse/12.3

CVE-2013-1896

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact