The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server prior to 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote malicious users to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
oracle http server 12.1.3.0 |
||
oracle http server 12.1.2.0 |
||
oracle http server 11.1.1.7.0 |
||
oracle http server 10.1.3.5.0 |
||
canonical ubuntu linux 13.10 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |