CVE-2013-6438 httpd: mod_dav denial of service via crafted DAV WRITE request

CVE ID

CVE-2013-6438

DESCRIPTION

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Unitrends risk assessment: None if security updates applied
 

RESOLUTION

For CentOS6, Unitrends systems have httpd-2.2.15-54.el6.centos or later, 
and this issue was fixed in httpd-2.2.15-30.el6_5
For CentOS5, 

LINK TO ADVISORIES

Have more questions?

Contact us

Was this article helpful?
0 out of 0 found this helpful

Provide feedback for the Documentation team!

Browse this section