Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.

CPENameOperatorVersion
apache httpdeq2.2.23
apache httpdeq2.2.22
apache httpdeq2.2.21
apache httpdeq2.2.20
apache httpdeq2.2.19
apache httpdeq2.2.18
apache httpdeq2.2.17
apache httpdeq2.2.16
apache httpdeq2.2.15
apache httpdeq2.2.14

Name	Operator	Version
apache httpd	eq	2.2.23
apache httpd	eq	2.2.22
apache httpd	eq	2.2.21
apache httpd	eq	2.2.20
apache httpd	eq	2.2.19
apache httpd	eq	2.2.18
apache httpd	eq	2.2.17
apache httpd	eq	2.2.16
apache httpd	eq	2.2.15
apache httpd	eq	2.2.14

Rows per page:

1-10 of 221

checkpoint_advisories 2

redhat 6

f5 2

securityvulns 4

openvas 21

nessus 37

cisco 1

oraclelinux 1

cve 1

mageia 2

veracode 1

ibm 6

httpd 1

prion 1

ubuntucve 1

centos 1

debiancve 1

seebug 1

fedora 2

freebsd 2

kaspersky 1

ubuntu 1

slackware 1

gentoo 1

suse 1

hackerone 2

checkpoint_advisories

Apache HTTP Server mod_dav MERGE Request Denial of Service (CVE-2013-1896)

2013-09-01 00:00:00

Apache HTTP Server mod_dav MERGE Request Denial of Service - Ver2 (CVE-2013-1896)

2014-12-28 00:00:00

redhat

(RHSA-2013:1156) Moderate: httpd security update

2013-08-13 00:00:00

(RHSA-2013:1134) Moderate: httpd security update

2013-08-05 15:32:30

(RHSA-2013:1133) Moderate: httpd security update

2013-08-05 15:27:06

K14733 : Apache HTTP server vulnerability CVE-2013-1896

2014-12-10 00:00:00

SOL14733 - Apache HTTP server vulnerability CVE-2013-1896

2013-10-04 00:00:00

securityvulns

[ MDVSA-2013:193 ] apache

2013-07-15 00:00:00

Apache security vulnerabilities

2013-07-15 00:00:00

Apple Mac OS X multiple security vulnerabilities

2014-02-28 00:00:00

openvas

CentOS Update for httpd CESA-2013:1156 centos5

2013-08-16 00:00:00

CentOS Update for httpd CESA-2013:1156 centos6

2013-08-16 00:00:00

Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability - Windows

2013-08-21 00:00:00

nessus

IBM HTTP Server 8.5.0.0 <= 8.5.5.0 / 8.0.0.0 <= 8.0.0.6 / 7.0.0.0 <= 7.0.0.29 / 6.1.0.0 <= 6.1.0.45 (227047)

2021-01-04 00:00:00

RHEL 5 / 6 : httpd (RHSA-2013:1156)

2013-08-14 00:00:00

CentOS 5 / 6 : httpd (CESA-2013:1156)

2013-08-14 00:00:00

cisco

Apache HTTP Server MERGE Request Denial of Service Vulnerability

2013-07-11 17:33:19

oraclelinux

httpd security update

2013-08-13 00:00:00

cve

CVE-2013-1896

2013-07-10 20:55:00

mageia

Updated apache packages fix CVE-2013-1896

2013-07-26 15:34:30

Updated apache packages fix security vulnerabilities

2013-07-26 15:36:22

veracode

Denial Of Service (DoS)

2019-01-15 08:57:40

ibm

Security Bulletin: Potential Security exposure in IBM HTTP Server CVE-2013-1896 PM89996

2022-09-25 21:06:56

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7

2022-09-25 21:06:56

Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.31

2018-06-15 06:59:10

httpd

Apache Httpd < 2.4.6 : mod_dav crash

2013-03-07 00:00:00

prion

Design/Logic Flaw

2013-07-10 20:55:00

ubuntucve

CVE-2013-1896

2013-07-10 00:00:00

centos

httpd, mod_ssl security update

2013-08-13 17:32:49

debiancve

CVE-2013-1896

2013-07-10 20:55:00

seebug

Apache HTTP Server mod_dav.c 拒绝服务漏洞(CVE-2013-1896)

2013-07-17 00:00:00

fedora

[SECURITY] Fedora 19 Update: httpd-2.4.6-2.fc19

2013-08-09 17:11:09

[SECURITY] Fedora 18 Update: httpd-2.4.6-2.fc18

2013-08-16 23:03:32

freebsd

apache22 -- several vulnerabilities

2013-06-21 00:00:00

apache24 -- several vulnerabilities

2013-07-11 00:00:00

kaspersky

KLA10068 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2013-07-15 00:00:00

slackware

[slackware-security] httpd

2013-08-06 07:20:43

gentoo

Apache HTTP Server: Multiple vulnerabilities

2013-09-23 00:00:00

suse

Security update for apache2 (important)

2014-09-02 21:04:17

hackerone

Marktplaats: Multiple Apache 2.2.22 Vulnerabilities (XSS/ Code Exec/ DoS)

2015-06-09 17:47:58

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.958 High

EPSS

Percentile

99.4%

JSON

Related for HTTPD:0F6B8D022A5D1C68540812E406264625