Apache – CVE-2013-6438


Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to a ‘mod_dav crash’ vulnerability. Also known as CVE-2013-6438.

The XML parsing code in mod_dav (dav_xml_get_cdata) doesn’t calculate properly the end of the string when removing whitespace characters and places a NULL character outside the buffer.

Attackers could abuse this issue to cause a Denial of Service (DoS) through daemon crash that will cause random crashes.
They do that using a crafted DAV WRITE request.

It will cause a decrease in performance and interruptions in the availability of resources.


To fix CVE-2013-6438, upgrade the version of Apache HTTP Server being used to either 2.2.27 or 2.4.9.



< Return to all Vulnerabilities

What is Kayran

Kayran scanner is helping all businesses, both SMBs and enterprises, to test their online assets and products for over 30,000+ vulnerabilities.Kayran’s mission is to make

Read More »


How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »


In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »