CVE-2013-6438
Published: 18 March 2014
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
lucid |
Released
(2.2.14-5ubuntu8.13)
|
precise |
Released
(2.2.22-1ubuntu1.5)
|
|
quantal |
Released
(2.2.22-6ubuntu2.4)
|
|
saucy |
Released
(2.4.6-2ubuntu2.2)
|
|
upstream |
Released
(2.4.8)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1556428 upstream: http://svn.apache.org/viewvc?view=revision&revision=1556816 upstream: http://svn.apache.org/viewvc?view=revision&revision=1576706 |