K14734: Apache HTTP server vulnerability CVE-2013-2249

Security Advisory Description modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

Apache 2.4.x < 2.4.6 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.6. It is, therefore, potentially affected by the following vulnerabilities : - A denial of service vulnerability exists relating to the 'moddav' module as it relates to MERGE requests. CVE-2013-1896 - ...

Fedora 19 : httpd-2.4.6-2.fc19 (2013-13994)

This update contains the latest release of the Apache HTTP Server, version 2.4.6. Two security issues are resolved in this update : - moddav: Sending a MERGE request against a URI handled by moddavsvn could trigger a segfault. CVE-2013-1896 - modsessiondbd: Make sure that dirty flag is respected...

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: moddav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service segmentation fault via a MERGE request in which the URI is configured for...

Apache HTTP Server mod_session_dbd 远程安全漏洞(CVE-2013-2249)

BUGTRAQ ID: 61379 CVECAN ID: CVE-2013-2249 Apache HTTP Server是开源HTTP服务器。 Apache HTTP Server 2.4.6之前版本的modsessiondbd模块在保存会话过程中处理“脏旗标”时出错，存在远程安全漏洞，影响目前未知。 0 Apache 2.4.2 厂商补丁： Apache Group ------------ Apache Group已经为此发布了一个安全公告（Announcement2.4）以及相应补丁: Announcement2.4：Apache HTTP Server 2.4.6 Releas...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

CVE-2013-2249

CVE-2013-2249 concerns Apache HTTP Server’s mod_session_dbd. The issue arises when mod_session_dbd proceeds with save operations for a session without honoring the dirty flag or requiring a new session ID, as described in multiple sources. Public references indicate the vulnerability is associate...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

Apache 2.4.x < 2.4.5 Multiple Vulnerabilities

According to its banner, the version of Apache 2.4.x running on the remote host is prior to 2.4.5. It is, therefore, potentially affected by the following vulnerabilities : - A denial of service vulnerability exists relating to the 'moddav' module as it relates to MERGE requests. CVE-2013-1896 - ...

FreeBSD : apache24 -- several vulnerabilities (ca4d63fb-f15c-11e2-b183-20cf30e32f6d)

Apache HTTP SERVER PROJECT reports : moddav: Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. modsessiondbd: Make sure that dirty flag is respected when...

apache24 -- several vulnerabilities

Apache HTTP SERVER PROJECT reports: moddav: Sending a MERGE request against a URI handled by moddavsvn with the source href sent as part of the request body as XML pointing to a URI that is not configured for DAV will trigger a segfault. modsessiondbd: Make sure that dirty flag is respected when...

Apache Httpd < 2.4.6 : mod_session_dbd session fixation flaw

A flaw in modsessiondbd caused it to proceed with save operations for a session without considering the dirty flag and the requirement for a new session ID...