Apache – CVE-2013-6438


Kayran has detected that the version of Apache HTTP Server in use is vulnerable to a ‘mod_dav crash’ vulnerability, also known as CVE-2013-6438.

The XML parsing code in mod_dav (dav_xml_get_cdata) does not properly calculate the end of the string when removing whitespace characters, and as a result places a NUL character outside the buffer.

Attackers could abuse this issue to cause a Denial of Service (DoS) by crashing the daemon.
They do this by sending a crafted DAV WRITE request.

The result is degraded performance and interruptions in the availability of resources.


To fix CVE-2013-6438, upgrade the version of Apache HTTP Server being used to either 2.2.27 or 2.4.9.
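
The following is an added example, not part of the original advisory or of Apache's tooling: a shell triage that compares the httpd version banner against the two fixed releases named above and checks whether mod_dav is loaded. The function names and the sample banner and module list are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2013-6438 from httpd's own output.
# Fixed releases (2.2.27, 2.4.9) come from the advisory; the rest is assumed.

# Pull "X.Y.Z" out of text such as "Server version: Apache/2.4.7 (Ubuntu)".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's#.*Apache/\([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*#\1#p' |
        head -n 1
}

# Print "affected", "fixed" or "unknown" for the version found in a banner.
classify_banner() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        2.2) fixed_patch=27 ;;
        2.4) fixed_patch=9 ;;
        *)   echo unknown; return 0 ;;   # branch not named in the advisory
    esac
    if [ "$patch" -lt "$fixed_patch" ]; then echo affected; else echo fixed; fi
}

# True when a module listing (e.g. from `apachectl -M`) contains mod_dav.
dav_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*dav_module[[:space:]]'
}

# Combine both checks into one verdict line.
assess() {
    state=$(classify_banner "$1")
    if [ "$state" = affected ] && ! dav_loaded "$2"; then
        echo "affected-version-mod_dav-not-loaded"
    else
        echo "$state"
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_BANNER='Server version: Apache/2.4.7 (Ubuntu)'
SAMPLE_MODULES='Loaded Modules:
 core_module (static)
 dav_module (shared)
 dav_fs_module (shared)'
echo "sample host: $(assess "$SAMPLE_BANNER" "$SAMPLE_MODULES")"
# On a real host: assess "$(apachectl -v)" "$(apachectl -M 2>/dev/null)"
```

Distribution packages often backport security fixes without changing the upstream version number, so an "affected" result from the banner should be confirmed against the vendor's own advisory for the installed package.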



