[v2.5] CVE-2013-1896 apache2: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
references:
http://s.apache.org/H1a
https://access.redhat.com/security/cve/CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
(from redmine: issue id 2215, created on 2013-08-06, closed on 2013-08-30)
- Relations:
- parent #2214 (closed)
- Changesets:
- Revision 3015e5e4 by Natanael Copa on 2013-08-08T10:53:10Z:
main/apache2: security upgrade to 2.4.6 (CVE-2013-1896)
fixes #2215