mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

OSVersionArchitecturePackageVersionFilename
Debian12allapache2< 2.4.6-1apache2_2.4.6-1_all.deb
Debian11allapache2< 2.4.6-1apache2_2.4.6-1_all.deb
Debian10allapache2< 2.4.6-1apache2_2.4.6-1_all.deb
Debian999allapache2< 2.4.6-1apache2_2.4.6-1_all.deb
Debian13allapache2< 2.4.6-1apache2_2.4.6-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	< 2.4.6-1	apache2_2.4.6-1_all.deb
Debian	11	all	apache2	< 2.4.6-1	apache2_2.4.6-1_all.deb
Debian	10	all	apache2	< 2.4.6-1	apache2_2.4.6-1_all.deb
Debian	999	all	apache2	< 2.4.6-1	apache2_2.4.6-1_all.deb
Debian	13	all	apache2	< 2.4.6-1	apache2_2.4.6-1_all.deb

checkpoint_advisories 2

nessus 37

f5 2

oraclelinux 1

openvas 21

httpd 2

cve 1

mageia 2

redhat 6

securityvulns 4

cisco 1

veracode 1

ibm 6

prion 1

ubuntucve 1

seebug 1

centos 1

fedora 2

freebsd 2

kaspersky 1

ubuntu 1

slackware 1

gentoo 1

suse 1

hackerone 2

checkpoint_advisories

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

2014-12-28 00:00:00

Apache HTTP Server mod_dav MERGE Request Denial of Service (CVE-2013-1896)

2013-09-01 00:00:00

nessus

RHEL 5 / 6 : httpd (RHSA-2013:1156)

2013-08-14 00:00:00

CentOS 5 / 6 : httpd (CESA-2013:1156)

2013-08-14 00:00:00

IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (227047)

2021-01-04 00:00:00

SOL14733 - Apache HTTP server vulnerability CVE-2013-1896

2013-10-04 00:00:00

K14733 : Apache HTTP server vulnerability CVE-2013-1896

2014-12-10 00:00:00

oraclelinux

httpd security update

2013-08-13 00:00:00

openvas

Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability - Windows

2013-08-21 00:00:00

Oracle: Security Advisory (ELSA-2013-1156)

2015-10-06 00:00:00

CentOS Update for httpd CESA-2013:1156 centos5

2013-08-16 00:00:00

httpd

Apache Httpd < 2.2.25 : mod_dav crash

2013-03-07 00:00:00

Apache Httpd < 2.4.6 : mod_dav crash

2013-03-07 00:00:00

cve

CVE-2013-1896

2013-07-10 20:55:00

mageia

Updated apache packages fix CVE-2013-1896

2013-07-26 15:34:30

Updated apache packages fix security vulnerabilities

2013-07-26 15:36:22

redhat

(RHSA-2013:1156) Moderate: httpd security update

2013-08-13 00:00:00

(RHSA-2013:1134) Moderate: httpd security update

2013-08-05 15:32:30

(RHSA-2013:1133) Moderate: httpd security update

2013-08-05 15:27:06

securityvulns

[ MDVSA-2013:193 ] apache

2013-07-15 00:00:00

Apache security vulnerabilities

2013-07-15 00:00:00

Apple Mac OS X multiple security vulnerabilities

2014-02-28 00:00:00

cisco

Apache HTTP Server MERGE Request Denial of Service Vulnerability

2013-07-11 17:33:19

veracode

Denial Of Service (DoS)

2019-01-15 08:57:40

ibm

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1896 PM89996

2022-09-25 21:06:56

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7

2022-09-25 21:06:56

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.31

2018-06-15 06:59:10

prion

Design/Logic Flaw

2013-07-10 20:55:00

ubuntucve

CVE-2013-1896

2013-07-10 00:00:00

seebug

Apache HTTP Server mod_dav.c 拒绝服务漏洞(CVE-2013-1896)

2013-07-17 00:00:00

centos

httpd, mod_ssl security update

2013-08-13 17:32:49

fedora

[SECURITY] Fedora 19 Update: httpd-2.4.6-2.fc19

2013-08-09 17:11:09

[SECURITY] Fedora 18 Update: httpd-2.4.6-2.fc18

2013-08-16 23:03:32

freebsd

apache22 -- several vulnerabilities

2013-06-21 00:00:00

apache24 -- several vulnerabilities

2013-07-11 00:00:00

kaspersky

KLA10068 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2013-07-15 00:00:00

slackware

[slackware-security] httpd

2013-08-06 07:20:43

gentoo

Apache HTTP Server: Multiple vulnerabilities

2013-09-23 00:00:00

suse

Security update for apache2 (important)

2014-09-02 21:04:17

hackerone

Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)

2015-06-09 17:47:58

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.958 High

EPSS

Percentile

99.4%

JSON

Related for DEBIANCVE:CVE-2013-1896