Description
Kayran has detected a flaw in the version of Apache HTTP Server being used.
This vulnerability, also known as CVE-2013-2249, could lead to a denial of service attack.
The flaw is in mod_session_dbd, and abusing it makes a denial of service possible.
The program doesn’t release or doesn’t properly release a certain resource and proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID.
This could impact the confidentiality, integrity, and availability of resources, as well as other remote attack vectors.
Severity/Score
CVSS Version 2.0 – 7.5 High
Recommendation
To fix CVE-2013-2249, upgrade Apache HTTP Server to version 2.4.6.
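
To confirm whether a given host needs the upgrade, the following added example (not Kayran's or the Apache project's code) checks the two conditions this advisory names: a server version below 2.4.6 and mod_session_dbd being loaded. The function names and result labels are hypothetical, and it assumes any version lower than the fix version counts as affected.

```shell
#!/bin/sh
# Added example: triage one host for CVE-2013-2249 from `httpd -v` / `httpd -M` text.
FIXED_VERSION="2.4.6"   # fix version from the Recommendation above

# Pull "X.Y.Z" out of a line such as "Server version: Apache/2.4.4 (Unix)".
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed when version $1 is lower than $2, comparing dotted fields numerically.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Succeed when the module list shows mod_session_dbd loaded.
session_dbd_loaded() {
    printf '%s\n' "$1" | grep -q 'session_dbd_module'
}

# $1 = version output, $2 = module list. Result labels are hypothetical.
assess() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"
    elif ! version_lt "$ver" "$FIXED_VERSION"; then
        echo "fixed"
    elif session_dbd_loaded "$2"; then
        echo "exposed"
    else
        echo "outdated-module-not-loaded"
    fi
}

# Constructed sample output, not taken from a real host. On a server, run:
#   assess "$(apachectl -v)" "$(apachectl -M 2>/dev/null)"
SAMPLE_V='Server version: Apache/2.4.4 (Unix)'
SAMPLE_M=' core_module (static)
 session_module (shared)
 session_dbd_module (shared)'
assess "$SAMPLE_V" "$SAMPLE_M"
```

Distribution packages may carry backported fixes under an older version string, so confirm an "exposed" result against the vendor's own advisory before acting on it.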