← voltar
CVE-2013-6438

CVE-2013-6438

EPSS 26.8%
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://advisories.mageia.org/MGASA-2014-0135.htmlhttp://archives.neohapsis.com/archives/bugtraq/2014-10/0101.htmlhttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=141017844705317&w=2http://marc.info/?l=bugtraq&m=141390017113542&w=2https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/58230http://secunia.com/advisories/59315http://secunia.com/advisories/59345http://secunia.com/advisories/60536