Description
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Remediation
References
Related Vulnerabilities
IBM WebSEAL Improper Input Validation Vulnerability (CVE-2020-4461)
Joomla Insufficient Verification of Data Authenticity Vulnerability (CVE-2020-15699)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2165)
WordPress Plugin Simple Download Button Shortcode 'file' Parameter Information Disclosure (1.0)