Computer Security


Apache security vulnerabilities
Published: 15.07.2013
Source:
SecurityVulns ID: 13173
Type: remote
Threat Level: 5/10
Description: mod_dav malformed MERGE request crash, mod_rewrite log manipulation.
Affected: APACHE : Apache 2.2
CVE: CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.)
 CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.)
 CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.)
Original document: MANDRIVA, [ MDVSA-2013:193 ] apache (15.07.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod