Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-6438
Last Modified: 15 May 2015 09:59:08
Published: 18 Mar 2014 01:18:18
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-6438

Summary

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

Vulnerable Systems

Application

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.0.63

  • Apache Http Server 2.0.64

  • Apache Http Server 2.0.9

  • Apache Http Server 2.1

  • Apache Http Server 2.1.1

  • Apache Http Server 2.1.2

  • Apache Http Server 2.1.3

  • Apache Http Server 2.1.4

  • Apache Http Server 2.1.5

  • Apache Http Server 2.1.6

  • Apache Http Server 2.1.7

  • Apache Http Server 2.1.8

  • Apache Http Server 2.1.9

  • Apache Http Server 2.2

  • Apache Http Server 2.2.0

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.10

  • Apache Http Server 2.2.11

  • Apache Http Server 2.2.12

  • Apache Http Server 2.2.13

  • Apache Http Server 2.2.14

  • Apache Http Server 2.2.15

  • Apache Http Server 2.2.16

  • Apache Http Server 2.2.17

  • Apache Http Server 2.2.18

  • Apache Http Server 2.2.19

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.20

  • Apache Http Server 2.2.21

  • Apache Http Server 2.2.22

  • Apache Http Server 2.2.23

  • Apache Http Server 2.2.24

  • Apache Http Server 2.2.25

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.6

  • Apache Http Server 2.2.8

  • Apache Http Server 2.2.9

  • Apache Http Server 2.3.0

  • Apache Http Server 2.3.1

  • Apache Http Server 2.3.10

  • Apache Http Server 2.3.11

  • Apache Http Server 2.3.12

  • Apache Http Server 2.3.13

  • Apache Http Server 2.3.14

  • Apache Http Server 2.3.15

  • Apache Http Server 2.3.16

  • Apache Http Server 2.3.2

  • Apache Http Server 2.3.3

  • Apache Http Server 2.3.4

  • Apache Http Server 2.3.5

  • Apache Http Server 2.3.6

  • Apache Http Server 2.3.7

  • Apache Http Server 2.3.8

  • Apache Http Server 2.3.9

  • Apache Http Server 2.4.0

  • Apache Http Server 2.4.1

  • Apache Http Server 2.4.2

  • Apache Http Server 2.4.3

  • Apache Http Server 2.4.4

  • Apache Http Server 2.4.6

  • Apache Http Server 2.4.7


References

CONFIRM - http://www.apache.org/dist/httpd/CHANGES_2.4.9

CONFIRM - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h

CONFIRM - http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c

UBUNTU - USN-2152-1

BID - 66303

SECUNIA - 59345

SECUNIA - 59315

CONFIRM - https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

SECUNIA - 58230

SECUNIA - 60536

CONFIRM - https://support.apple.com/kb/HT6535

APPLE - APPLE-SA-2014-10-16-1

HP - HPSBUX03150

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html

BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

CONFIRM - http://advisories.mageia.org/MGASA-2014-0135.html

CONFIRM - https://support.apple.com/HT204659

APPLE - APPLE-SA-2015-04-08-2

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676092

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21676091

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21669554

Related Patches

Apple 2015-004 Security Update for Mac OS X 10.8.5 (HT204659)

Apple 2015-004 Security Update for Mac OS X 10.9.5 (HT204659)

Apple Yosemite 10.10.3 Update (Combo) for Mac OS X (HT204659)

Apple Yosemite 10.10.3 Update for Mac OS X (HT204659)


Last Updated: 27 May 2016 11:04:42