Security Advisory

CVE-2013-6438

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-03-18 01:00:00

Last updated 2024-08-06 17:39:01

Assigner redhat

State PUBLISHED

Description

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

← Browse all CVEs View on cve.org ↗