Description
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Remediation
References
Related Vulnerabilities
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
WordPress Plugin Testimonial WordPress-AP Custom Testimonial Unspecified Vulnerability (1.4.7)
WordPress Plugin Visitor Maps and Who's Online Cross-Site Scripting (1.5.8.6)
Oracle Database Server CVE-2009-1972 Vulnerability (CVE-2009-1972)