QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2013-1896

Back to search

CVE-2013-1896

Published: Jul 10, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

VendorProductVersions

n/a

n/a

affected
n/a

References

SSRT101288
vendor-advisory
x_refsource_HP
RHSA-2013:1209
vendor-advisory
x_refsource_REDHAT
oval:org.mitre.oval:def:18835
vdb-entry
signature
x_refsource_OVAL
openSUSE-SU-2013:1340
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:19747
vdb-entry
signature
x_refsource_OVAL
RHSA-2013:1156
vendor-advisory
x_refsource_REDHAT
USN-1903-1
vendor-advisory
x_refsource_UBUNTU
HPSBUX02927
vendor-advisory
x_refsource_HP
RHSA-2013:1207
vendor-advisory
x_refsource_REDHAT
61129
vdb-entry
x_refsource_BID
RHSA-2013:1208
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2013:1341
vendor-advisory
x_refsource_SUSE
55032
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2013:1337
vendor-advisory
x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now