Apache – CVE-2013-6438

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to a ‘mod_dav crash’ vulnerability, also known as CVE-2013-6438.

The XML parsing code in mod_dav (dav_xml_get_cdata) does not correctly calculate the end of the string when removing whitespace characters, and places a NUL character outside the buffer.

Attackers could abuse this issue to cause a Denial of Service (DoS) by crashing the daemon, which shows up as random crashes.
They do this using a crafted DAV WRITE request.

The result is a decrease in performance and interruptions in the availability of resources.
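
The length arithmetic behind the whitespace-trimming flaw described above, as a simplified model added here for illustration (it is not the Apache source and not Kayran's code). The function names `nul_offset` and `trim_ws` and the sample string are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Offset from the start of buf at which a trim routine would store its
 * terminating NUL. buf holds len characters plus a NUL, so only offsets
 * 0..len are inside the buffer. adjust_len = 0 models the flaw (the length
 * is not reduced while leading whitespace is skipped); adjust_len = 1 models
 * corrected arithmetic. Nothing is written and no byte past the stored NUL
 * is read, so the flawed case can be evaluated safely. */
static size_t nul_offset(const char *buf, size_t len, int adjust_len)
{
    size_t start = 0, remaining = len;

    while (start < len && isspace((unsigned char)buf[start])) {
        ++start;
        if (adjust_len)
            --remaining;
    }
    while (remaining > 0 && start + remaining - 1 < len &&
           isspace((unsigned char)buf[start + remaining - 1]))
        --remaining;
    return start + remaining;
}

/* Hardened in-place trim: the terminator always lands within len + 1 bytes. */
static char *trim_ws(char *buf, size_t len)
{
    char *p = buf;
    while (len > 0 && isspace((unsigned char)*p)) {
        ++p;
        --len;
    }
    while (len > 0 && isspace((unsigned char)p[len - 1]))
        --len;
    p[len] = '\0';
    return p;
}

int main(void)
{
    char sample[] = "  href  ";            /* constructed input, 8 characters */
    size_t len = strlen(sample);
    printf("flawed NUL offset:  %zu (buffer ends at %zu)\n", nul_offset(sample, len, 0), len);
    printf("correct NUL offset: %zu\n", nul_offset(sample, len, 1));
    printf("trimmed: \"%s\"\n", trim_ws(sample, len));
    return 0;
}
```

In this model the two modes agree whenever the input has no leading whitespace; the terminator moves past the buffer only when leading characters are skipped without shrinking the length.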

Recommendation

To fix CVE-2013-6438, upgrade the version of Apache HTTP Server being used to either 2.2.27 or 2.4.9.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
