← volver
CVE-2013-6438

CVE-2013-6438

EPSS 26.8%
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://advisories.mageia.org/MGASA-2014-0135.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=141017844705317&w=2http://marc.info/?l=bugtraq&m=141390017113542&w=2https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/58230http://secunia.com/advisories/59315http://secunia.com/advisories/59345http://secunia.com/advisories/60536