CVE-2013-1896: Improper Input Validation in Apache HTTP Server

Severity: 4.3 MEDIUM (NVD)
EPSS: 38.6% (top 2.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 10; latest update May 13

Description

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 6 packages

NVD: apache/http_server 2.2.0 2.2.25 (+1)
NVD: opensuse/opensuse 11.4, 12.2, 12.3 (+2)

Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 5.9, 6.4

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-g852-xcg2-2w9v: mod_dav (2022-05-13)
OSV: CVE-2013-1896: mod_dav (2013-07-10)
CVEList: CVE-2013-1896: mod_dav (2013-07-10)

📋 Vendor Advisories (4)

Ubuntu: Apache HTTP Server vulnerabilities (2013-07-15)
Cisco: Apache HTTP Server MERGE Request Denial of Service Vulnerability (2013-07-11)
Red Hat: httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav (2013-05-23)
Debian: CVE-2013-1896: apache2 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine wh... (2013)

💬 Community (2)

Bugzilla: httpd: CVE-2013-1896 httpd: mod_dav crash via a URI MERGE request with source URI not handled by mod_dav [fedora-all] (2013-07-11)
Bugzilla: CVE-2013-1896 httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav (2013-07-11)