CentOS Update For Httpd CESA-2013:1156 Centos5 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The Apache HTTP Server is a popular web server. A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896) All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon will be restarted automatically.

Affected

httpd on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2013-August/019903.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1896

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1164 (tomcat)
CentOS Update for apache CESA-2008:0004-01 centos2 i386
CentOS Security Advisory CESA-2009:0437 (seamonkey)
CentOS Update for 389-ds-base CESA-2013:0628 centos6
CentOS Security Advisory CESA-2009:1535 (pidgin)

CentOS Update for httpd CESA-2013:1156 centos5

Take action and discover your vulnerabilities