CVE Vulnerabilities

CVE-2013-6438

Published: Mar 18, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Affected Software

Name Vendor Start Version End Version
Http_server Apache 2.2.0 (including) 2.2.27 (excluding)
Http_server Apache 2.4.1 (including) 2.4.9 (excluding)

References