CVE-2013-2249
published 2013-07-23CVE-2013-2249: mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | 2.4.1 – 2.4.4 | — |
| apache | httpd | — | — |
| debian | apache2 | < apache2 2.4.6-1 (bookworm) | apache2 2.4.6-1 (bookworm) |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH