Description

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Remediation

References

CVE-2013-6438

Related Vulnerabilities

WordPress Plugin File Manager Unspecified Vulnerability (5.1.5)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10704)

MySQL CVE-2021-2293 Vulnerability (CVE-2021-2293)

WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14241)

Severity

Medium

Classification

CVE-2013-6438

Tags

Missing Update Known Vulnerabilities