Apache – CVE-2013-6438

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to a ‘mod_dav crash’ vulnerability, also known as CVE-2013-6438.

The XML parsing code in mod_dav (dav_xml_get_cdata) does not correctly calculate the end of the string when removing whitespace characters, and places a NULL character outside the buffer.
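The following is an added example, not Apache source code and not part of Kayran's advisory: a simplified model of this kind of end-of-string miscalculation, in which leading whitespace is skipped without shrinking the tracked length. The function names, the `adjust_len` switch and the sample strings are hypothetical and constructed for illustration; nothing is written out of bounds, only the offset is computed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of a trim routine, not Apache source. Returns the offset
 * from buf at which the terminating NUL would be stored after trimming
 * whitespace from buf[0..len). Nothing is written. */
static size_t nul_offset(const char *buf, size_t len, int adjust_len)
{
    const char *p = buf;

    /* Leading whitespace: advance the start pointer (stops at the NUL). */
    while (isspace((unsigned char)*p)) {
        ++p;
        if (adjust_len)
            --len;      /* corrected form: length shrinks with the pointer */
    }
    /* Trailing whitespace: walk back from the computed end p[len - 1]. */
    while (len > 0 && isspace((unsigned char)p[len - 1]))
        --len;
    return (size_t)(p - buf) + len;
}

/* Constructed harness: the text sits at the front of a zero-filled arena so
 * offsets past the logical buffer can be examined without a real overrun.
 * Returns 1 if the NUL would land outside the strlen(text)+1 byte buffer. */
static int nul_out_of_bounds(const char *text, int adjust_len)
{
    char arena[64] = {0};
    size_t len = strlen(text);      /* caller must keep len < 32 */

    memcpy(arena, text, len);
    return nul_offset(arena, len, adjust_len) >= len + 1;
}

int main(void)
{
    const char *samples[] = { "abc ", "  abc ", "   " };   /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("\"%s\": stale length -> %s, adjusted length -> %s\n", samples[i],
               nul_out_of_bounds(samples[i], 0) ? "out of bounds" : "ok",
               nul_out_of_bounds(samples[i], 1) ? "out of bounds" : "ok");
    return 0;
}
```

In this model the stale length only goes wrong when the input starts with whitespace, which is why such a defect can pass tests that use already-trimmed values.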

Attackers could abuse this issue with a crafted DAV WRITE request to crash the daemon, causing random crashes and a Denial of Service (DoS).

The result is decreased performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2013-6438, upgrade Apache HTTP Server to either version 2.2.27 or 2.4.9.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438