Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-1896

Опубликовано: 23 мая 2013
Источник: redhat
CVSS2: 5
EPSS Средний

Описание

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Directory Server 8httpdUnder investigation
Red Hat Enterprise Linux 4httpdAffected
Red Hat Enterprise Linux 7httpdNot affected
Red Hat JBoss Enterprise Web Server 1httpdWill not fix
Red Hat Enterprise Linux 5httpdFixedRHSA-2013:115613.08.2013
Red Hat Enterprise Linux 6httpdFixedRHSA-2013:115613.08.2013
Red Hat JBoss Enterprise Application Platform 6.1httpdFixedRHSA-2013:120904.09.2013
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-beanutilsFixedRHSA-2013:120704.09.2013
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-commons-daemon-jsvc-eap6FixedRHSA-2013:120704.09.2013
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5apache-cxfFixedRHSA-2013:120704.09.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=983549httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

EPSS

Процентиль: 97%
0.36055
Средний

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-1896

ubuntu
около 12 лет назад

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

nvd логотип

CVE-2013-1896

nvd
около 12 лет назад

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

debian логотип

CVE-2013-1896

debian
около 12 лет назад

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ...

github логотип

GHSA-g852-xcg2-2w9v

github
больше 3 лет назад

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

oracle-oval логотип

ELSA-2013-1156

oracle-oval
около 12 лет назад

ELSA-2013-1156: httpd security update (MODERATE)

EPSS

Процентиль: 97%
0.36055
Средний

5 Medium

CVSS2