CVE-2013-1896

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

Published: Jul 10, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1896
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apache / http_server	2.2.0	2.2.25
apache / http_server	2.4.1	2.4.6
redhat / jboss_enterprise_application_platform	6.0.0	6.0.0.x
redhat / jboss_enterprise_application_platform	6.4.0	6.4.0.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.4	6.4.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server_aus	5.9	5.9.x
redhat / enterprise_linux_eus	5.9	5.9.x
redhat / enterprise_linux_eus	6.4	6.4.x
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	12.04	12.04.x
opensuse / opensuse	12.3	12.3.x
opensuse / opensuse	11.4	11.4.x
opensuse / opensuse	12.2	12.2.x

Vulnerability Database

289,599

CVE-2013-1896