Description
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Remediation
References
Related Vulnerabilities
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)
Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)
MySQL CVE-2017-3312 Vulnerability (CVE-2017-3312)
WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)