CVE-2013-1896 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled

CVE-2013-1896

Summary

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 13-02-2023 - 00:28)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

oval via4

accepted

2015-05-04T04:00:11.399-04:00

class

vulnerability

contributors

name Sergey Artykhov
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	VisualSVN Server is installed
oval	oval:org.mitre.oval:def:18636

description

family

windows

oval:org.mitre.oval:def:18835

status

accepted

submitted

2013-10-02T13:00:00

title

Apache HTTP vulnerability before 2.2.25 in VisualSVN Server (CVE-2013-1896)

version

accepted

2015-04-20T04:01:44.040-04:00

class

vulnerability

contributors

name Ganesh Manal
organization Hewlett-Packard
name Sushant Kumar Singh
organization Hewlett-Packard
name Prashant Kumar
organization Hewlett-Packard
name Mike Cokus
organization The MITRE Corporation

description

family

unix

oval:org.mitre.oval:def:19747

status

accepted

submitted

2013-11-22T11:43:28.000-05:00

title

HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)

version

redhat via4

advisories

bugzilla

id	983549
title	CVE-2013-1896 httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 5 is installed
oval oval:com.redhat.rhba:tst:20070331005

AND
comment httpd is earlier than 0:2.2.3-82.el5_9
oval oval:com.redhat.rhsa:tst:20131156001
comment httpd is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070556002
AND
comment httpd-devel is earlier than 0:2.2.3-82.el5_9
oval oval:com.redhat.rhsa:tst:20131156003
comment httpd-devel is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070556004
AND
comment httpd-manual is earlier than 0:2.2.3-82.el5_9
oval oval:com.redhat.rhsa:tst:20131156005
comment httpd-manual is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070556006
AND
comment mod_ssl is earlier than 1:2.2.3-82.el5_9
oval oval:com.redhat.rhsa:tst:20131156007
comment mod_ssl is signed with Red Hat redhatrelease key
oval oval:com.redhat.rhsa:tst:20070556008

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment httpd is earlier than 0:2.2.15-29.el6_4
oval oval:com.redhat.rhsa:tst:20131156010
comment httpd is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194002
AND
comment httpd-devel is earlier than 0:2.2.15-29.el6_4
oval oval:com.redhat.rhsa:tst:20131156012
comment httpd-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194004

AND

comment httpd-manual is earlier than 0:2.2.15-29.el6_4
oval oval:com.redhat.rhsa:tst:20131156014
comment httpd-manual is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194006

AND
comment httpd-tools is earlier than 0:2.2.15-29.el6_4
oval oval:com.redhat.rhsa:tst:20131156016
comment httpd-tools is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194008
AND
comment mod_ssl is earlier than 1:2.2.15-29.el6_4
oval oval:com.redhat.rhsa:tst:20131156018
comment mod_ssl is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20152194016

rhsa

id	RHSA-2013:1156
released	2013-08-13
severity	Moderate
title	RHSA-2013:1156: httpd security update (Moderate)

rhsa
id RHSA-2013:1207
rhsa
id RHSA-2013:1208
rhsa
id RHSA-2013:1209

rpms

httpd-0:2.2.22-25.ep6.el5
httpd-0:2.2.22-25.ep6.el6
httpd-debuginfo-0:2.2.22-25.ep6.el5
httpd-debuginfo-0:2.2.22-25.ep6.el6
httpd-devel-0:2.2.22-25.ep6.el5
httpd-devel-0:2.2.22-25.ep6.el6
httpd-manual-0:2.2.22-25.ep6.el5
httpd-manual-0:2.2.22-25.ep6.el6
httpd-tools-0:2.2.22-25.ep6.el5
httpd-tools-0:2.2.22-25.ep6.el6
mod_ssl-1:2.2.22-25.ep6.el5
mod_ssl-1:2.2.22-25.ep6.el6
httpd-0:2.2.15-29.el6_4
httpd-0:2.2.3-82.el5_9
httpd-debuginfo-0:2.2.15-29.el6_4
httpd-debuginfo-0:2.2.3-82.el5_9
httpd-devel-0:2.2.15-29.el6_4
httpd-devel-0:2.2.3-82.el5_9
httpd-manual-0:2.2.15-29.el6_4
httpd-manual-0:2.2.3-82.el5_9
httpd-tools-0:2.2.15-29.el6_4
mod_ssl-1:2.2.15-29.el6_4
mod_ssl-1:2.2.3-82.el5_9
apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el5
apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el5
apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el5
apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el5
apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el5
cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el5
cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el5
cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el5
hibernate4-0:4.2.0-11.SP1_redhat_1.ep6.el5
hibernate4-core-0:4.2.0-11.SP1_redhat_1.ep6.el5
hibernate4-entitymanager-0:4.2.0-11.SP1_redhat_1.ep6.el5
hibernate4-envers-0:4.2.0-11.SP1_redhat_1.ep6.el5
hibernate4-infinispan-0:4.2.0-11.SP1_redhat_1.ep6.el5
hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el5
hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el5
httpd-0:2.2.22-25.ep6.el5
httpd-debuginfo-0:2.2.22-25.ep6.el5
httpd-devel-0:2.2.22-25.ep6.el5
httpd-manual-0:2.2.22-25.ep6.el5
httpd-tools-0:2.2.22-25.ep6.el5
infinispan-0:5.2.7-1.Final_redhat_1.ep6.el5
infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el5
infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el5
infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el5
infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el5
ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el5
ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el5
jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el5
jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el5
jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el5
jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el5
jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el5
jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el5
jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el5
jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el5
jboss-marshalling-0:1.3.18-2.GA_redhat_1.1.ep6.el5
jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el5
jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el5
jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el5
jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el5
jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el5
jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5
jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el5
jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el5
jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el5
jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5
jbossts-1:4.17.7-4.Final_redhat_4.ep6.el5
jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el5
jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el5
jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el5
jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el5
jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el5
jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el5
log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el5
mod_ssl-1:2.2.22-25.ep6.el5
netty-0:3.6.6-3.Final_redhat_1.1.ep6.el5
opensaml-0:2.5.1-2.redhat_2.1.ep6.el5
openws-0:1.4.2-10.redhat_4.1.ep6.el5
picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el5
picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el5
wss4j-0:1.6.10-1.redhat_1.ep6.el5
xml-security-0:1.5.5-1.redhat_1.ep6.el5
apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el6
apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el6
apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-2.redhat_2.ep6.el6
apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el6
apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el6
cxf-xjc-boolean-0:2.6.0-2.redhat_4.1.ep6.el6
cxf-xjc-dv-0:2.6.0-2.redhat_4.1.ep6.el6
cxf-xjc-ts-0:2.6.0-2.redhat_4.1.ep6.el6
hibernate4-0:4.2.0-7.SP1_redhat_1.ep6.el6
hibernate4-core-0:4.2.0-7.SP1_redhat_1.ep6.el6
hibernate4-entitymanager-0:4.2.0-7.SP1_redhat_1.ep6.el6
hibernate4-envers-0:4.2.0-7.SP1_redhat_1.ep6.el6
hibernate4-infinispan-0:4.2.0-7.SP1_redhat_1.ep6.el6
hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el6
hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
hornetq-native-debuginfo-0:2.3.5-1.Final_redhat_1.ep6.el6
httpd-0:2.2.22-25.ep6.el6
httpd-debuginfo-0:2.2.22-25.ep6.el6
httpd-devel-0:2.2.22-25.ep6.el6
httpd-manual-0:2.2.22-25.ep6.el6
httpd-tools-0:2.2.22-25.ep6.el6
infinispan-0:5.2.7-1.Final_redhat_1.ep6.el6
infinispan-cachestore-jdbc-0:5.2.7-1.Final_redhat_1.ep6.el6
infinispan-cachestore-remote-0:5.2.7-1.Final_redhat_1.ep6.el6
infinispan-client-hotrod-0:5.2.7-1.Final_redhat_1.ep6.el6
infinispan-core-0:5.2.7-1.Final_redhat_1.ep6.el6
ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-common-api-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-common-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-common-spi-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-core-api-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-core-impl-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-deployers-common-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-jdbc-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-spec-api-0:1.0.19-1.Final_redhat_2.ep6.el6
ironjacamar-validator-0:1.0.19-1.Final_redhat_2.ep6.el6
jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el6
jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el6
jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el6
jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el6
jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el6
jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el6
jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el6
jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el6
jboss-marshalling-0:1.3.18-1.GA_redhat_1.1.ep6.el6
jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el6
jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el6
jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el6
jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el6
jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el6
jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jbossas-hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6
jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el6
jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el6
jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el6
jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6
jbossts-1:4.17.7-4.Final_redhat_4.ep6.el6
jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el6
jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el6
jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el6
jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el6
jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el6
jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el6
log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el6
mod_ssl-1:2.2.22-25.ep6.el6
netty-0:3.6.6-2.Final_redhat_1.1.ep6.el6
opensaml-0:2.5.1-2.redhat_2.1.ep6.el6
openws-0:1.4.2-10.redhat_4.1.ep6.el6
picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el6
picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el6
wss4j-0:1.6.10-1.redhat_1.ep6.el6
xml-security-0:1.5.5-1.redhat_1.ep6.el6

refmap via4

bid	61129
cisco	20130822 Apache HTTP Server MERGE Request Denial of Service Vulnerability
confirm	http://support.apple.com/kb/HT6150 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log http://www-01.ibm.com/support/docview.wss?uid=swg21644047 http://www.apache.org/dist/httpd/Announcement2.2.html https://httpd.apache.org/security/vulnerabilities_24.html
hp	HPSBUX02927 SSRT101288
mlist	[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
secunia	55032
suse	openSUSE-SU-2013:1337 openSUSE-SU-2013:1340 openSUSE-SU-2013:1341
ubuntu	USN-1903-1

Last major update

13-02-2023 - 00:28

Published

10-07-2013 - 20:55

Last modified

13-02-2023 - 00:28