Description

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Remediation

References

CVE-2013-6438

Related Vulnerabilities

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)

Apache HTTP Server Use of Uninitialized Resource Vulnerability (CVE-2020-1934)

MySQL CVE-2017-3312 Vulnerability (CVE-2017-3312)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-29205)

WordPress Plugin G-Lock Double Opt-in Manager 'ajaxbackend.php' SQL Injection (2.6.2)

Severity

Medium

Classification

CVE-2013-6438

Tags

Missing Update Known Vulnerabilities