Lucene search

CVE-2013-1896

🗓️ 10 Jul 2013 20:01:55Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 1079 Views🌐 WEB

Apache HTTP Server before 2.2.25 mod_dav.c Remote DoS CVE-2013-189

Reporter	Title	Published	Views	Family All 109
Check Point Advisories	Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)	28 Dec 201400:00	–	checkpoint_advisories
Check Point Advisories	Apache HTTP Server mod_dav MERGE Request Denial of Service (CVE-2013-1896)	1 Sep 201300:00	–	checkpoint_advisories
Oracle linux	httpd security update	13 Aug 201300:00	–	oraclelinux
Tenable Nessus	RHEL 5 / 6 : httpd (RHSA-2013:1156)	14 Aug 201300:00	–	nessus
Tenable Nessus	CentOS 5 / 6 : httpd (CESA-2013:1156)	14 Aug 201300:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : apache (MDVSA-2013:193)	12 Jul 201300:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20130813)	14 Aug 201300:00	–	nessus
Tenable Nessus	Oracle Linux 5 / 6 : httpd (ELSA-2013-1156)	14 Aug 201300:00	–	nessus
Tenable Nessus	IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (227047)	4 Jan 202100:00	–	nessus
Tenable Nessus	FreeBSD : apache24 -- several vulnerabilities (ca4d63fb-f15c-11e2-b183-20cf30e32f6d)	22 Jul 201300:00	–	nessus

Nvd

Node

apache http_serverRange2.2.0–2.2.25

apache http_serverRange2.4.1–2.4.6

Node

redhat jboss_enterprise_application_platformMatch6.0.0

redhat jboss_enterprise_application_platformMatch6.4.0

AND

redhat enterprise_linuxMatch5.0

redhat enterprise_linuxMatch6.0

Node

redhat enterprise_linux_desktopMatch5.0

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_eusMatch5.9

redhat enterprise_linux_eusMatch6.4

redhat enterprise_linux_serverMatch5.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_server_ausMatch5.9

redhat enterprise_linux_server_ausMatch6.4

redhat enterprise_linux_workstationMatch5.0

redhat enterprise_linux_workstationMatch6.0

Node

canonical ubuntu_linuxMatch10.04-

canonical ubuntu_linuxMatch12.04-

canonical ubuntu_linuxMatch12.10

canonical ubuntu_linuxMatch13.04

Node

opensuse opensuseMatch11.4

opensuse opensuseMatch12.2

opensuse opensuseMatch12.3

Source	Link
www-01	www.www-01.ibm.com/support/docview.wss
lists	www.lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
rhn	www.rhn.redhat.com/errata/RHSA-2013-1209.html
lists	www.lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E
lists	www.lists.opensuse.org/opensuse-updates/2013-08/msg00030.html
svn	www.svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c
ubuntu	www.ubuntu.com/usn/USN-1903-1
support	www.support.apple.com/kb/HT6150

Parameter	Position	Path	Description	CWE
href	path	/path/to/vulnerable/endpoint	mod_dav.c allows remote attackers to cause a denial of service via a crafted MERGE request due to improper URI handling.	CWE-20

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

10 Jul 2013 20:55Current

6.2Medium risk

Vulners AI Score6.2

CVSS24.3

EPSS0.50482