CVE ID
CVE-2013-6438
DESCRIPTION
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Unitrends risk assessment: None if security updates applied
RESOLUTION
For CentOS6, Unitrends systems have httpd-2.2.15-54.el6.centos or later,
and this issue was fixed in httpd-2.2.15-30.el6_5
For CentOS5,