Description
The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Compact WP Audio Player Multiple Vulnerabilities (1.9.6)
MySQL CVE-2013-1521 Vulnerability (CVE-2013-1521)
WordPress Plugin Custom Field Suite Security Bypass (2.4)
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-0204)
WordPress Plugin MAC PHOTO GALLERY 'albid' Parameter Arbitrary File Disclosure (2.8)