Apache HTTP Server 'mod_dav_svn' Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

The host is running Apache HTTP Server and is prone to denial of service vulnerability.

Impact

Successful exploitation will allow remote attacker to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module.

Solution

Upgrade to Apache HTTP Server 2.2.25 or later, For updates refer to http://svn.apache.org

Insight

The flaw is due to an error in 'mod_dav.c', It does not properly determine whether DAV is enabled for a URI.

Affected

Apache HTTP Server version before 2.2.25 on windows.

Detection

Get the installed version Apache HTTP Server with the help of detect NVT and check it is vulnerable or not.

References

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.osvdb.org/95498

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1896
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

IBM WebSphere Application Server (WAS) Security Bypass Vulnerability - March 2011
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
Check for bdir.htr files
Apache HTTP Server Scoreboard Security Bypass Vulnerability (Windows)
bozohttpd Security Bypass Vulnerability

Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)

Take action and discover your vulnerabilities