Apache – CVE-2013-6438


Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to a ‘mod_dav crash’ vulnerability. Also known as CVE-2013-6438.

The XML parsing code in mod_dav (dav_xml_get_cdata) doesn’t calculate properly the end of the string when removing whitespace characters and places a NULL character outside the buffer.

Attackers could abuse this issue to cause a Denial of Service (DoS) through daemon crash that will cause random crashes.
They do that using a crafted DAV WRITE request.

It will cause a decrease in performance and interruptions in the availability of resources.


To fix CVE-2013-6438, upgrade the version of Apache HTTP Server being used to either 2.2.27 or 2.4.9.



< Return to all Vulnerabilities

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Read More »