[v2.3] CVE-2013-1896 apache2: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
References:
- http://s.apache.org/H1a
- https://access.redhat.com/security/cve/CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
(from redmine: issue id 2217, created on 2013-08-06, closed on 2013-08-30)
- Relations:
  - parent #2214 (closed)
- Changesets:
  - Revision 4b8d261b by Natanael Copa on 2013-08-08T10:52:47Z:
    main/apache2: security upgrade to 2.2.25 (CVE-2013-1896)
    fixes #2217