Published: 18/03/2014 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 450

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Apache

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server prior to 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote malicious users to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache http server
oracle http server 12.1.3.0
oracle http server 12.1.2.0
oracle http server 11.1.1.7.0
oracle http server 10.1.3.5.0
canonical ubuntu linux 13.10
canonical ubuntu linux 12.10
canonical ubuntu linux 10.04
canonical ubuntu linux 12.04

Apache HTTP server could be made to crash if it received specially crafted network traffic ...

It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML In certain httpd configurations that use the mod_dav module (for example when using the mod_dav_svn module), a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possib ...

The dav_xml_get_cdata function in main/utilc in the mod_dav module in the Apache HTTP Server before 248 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request ...

NVD-CWE-noinfo http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h http://www.apache.org/dist/httpd/CHANGES_2.4.9 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c http://www.ubuntu.com/usn/USN-2152-1 http://www.securityfocus.com/bid/66303 http://secunia.com/advisories/59345 http://secunia.com/advisories/59315 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1 http://secunia.com/advisories/58230 http://secunia.com/advisories/60536 http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html https://support.apple.com/kb/HT6535 http://marc.info/?l=bugtraq&m=141390017113542&w=2 http://www.vmware.com/security/advisories/VMSA-2014-0012.html http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://advisories.mageia.org/MGASA-2014-0135.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html https://support.apple.com/HT204659 http://www-01.ibm.com/support/docview.wss?uid=swg21676091 http://www-01.ibm.com/support/docview.wss?uid=swg21669554 http://www-01.ibm.com/support/docview.wss?uid=swg21676092 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://marc.info/?l=bugtraq&m=141017844705317&w=2 https://httpd.apache.org/security/vulnerabilities_24.html http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES http://security.gentoo.org/glsa/glsa-201408-12.xml https://puppet.com/security/cve/cve-2013-6438 http://www.securityfocus.com/archive/1/534161/100/0/threaded https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://usn.ubuntu.com/2152-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-6438

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook