CVE-2013-2249

Apache HTTP Server <2.4.5 - Unspecified Vuln

Title source: llm
STIX 2.1

Description

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References (18)

Core 18
Core References
Broken Link, Vendor Advisory x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.4.6
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
Broken Link, Third Party Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
Vendor Advisory x_refsource_confirm
https://httpd.apache.org/security/vulnerabilities_24.html

Scores

EPSS 0.1426
EPSS Percentile 96.2%

Details

Status published
Products (1)
apache/http_server 2.4.1 - 2.4.4
Published Jul 23, 2013
Tracked Since Feb 18, 2026