CVE-2013-6438
18.03.2014, 05:18
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.Enginsight
Vendor | Product | Version |
---|---|---|
apache | http_server | 2.2.0 ≤ 𝑥 < 2.2.27 |
apache | http_server | 2.4.1 ≤ 𝑥 < 2.4.9 |
oracle | http_server | 10.1.3.5.0 |
oracle | http_server | 11.1.1.7.0 |
oracle | http_server | 12.1.2.0 |
oracle | http_server | 12.1.3.0 |
canonical | ubuntu_linux | 10.04 |
canonical | ubuntu_linux | 12.04 |
canonical | ubuntu_linux | 12.10 |
canonical | ubuntu_linux | 13.10 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References