Description

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Remediation

References

CVE-2013-6438

Related Vulnerabilities

WordPress Plugin A Page Flip Book 'pageflipbook_language' Parameter Local File Include (2.3)

Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2022-48565)

XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719)

WordPress Plugin BuddyPress Security Bypass (2.3.4)

MySQL CVE-2019-2495 Vulnerability (CVE-2019-2495)

Severity

Medium

Classification

CVE-2013-6438

Tags

Missing Update Known Vulnerabilities