CVE-2013-6438
CVE-2013-6438
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://advisories.mageia.org/MGASA-2014-0135.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=141017844705317&w=2http://marc.info/?l=bugtraq&m=141390017113542&w=2https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/58230http://secunia.com/advisories/59315http://secunia.com/advisories/59345http://secunia.com/advisories/60536