CVE-2013-1896

Apache HTTP Server < 2.2.25 - Denial of Service via mod_dav MERGE Request

Title source: llm
STIX 2.1

Description

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References (39)

Core 39
Core References
Vendor Advisory x_refsource_confirm
https://httpd.apache.org/security/vulnerabilities_24.html
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1209.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT6150
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1156.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1903-1
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1207.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61129
Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/Announcement2.2.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1208.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55032
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html

Scores

EPSS 0.2948
EPSS Percentile 98.0%

Details

Status published
Products (20)
apache/http_server 2.2.0 - 2.2.25
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
opensuse/opensuse 11.4
opensuse/opensuse 12.2
opensuse/opensuse 12.3
redhat/enterprise_linux_desktop 5.0
redhat/enterprise_linux_desktop 6.0
... and 10 more
Published Jul 10, 2013
Tracked Since Feb 18, 2026