// For flags

CVE-2013-6438

httpd: mod_dav denial of service via crafted DAV WRITE request

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.

La función dav_xml_get_cdata en main/util.c en el módulo mod_dav en el Apache HTTP Server anterior a 2.4.8 no elimina debidamente caracteres de espacio en blanco de secciones CDATA, lo que permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud DAV WRITE manipulada.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the mod_dav module did not correctly strip leading white space from certain elements in a parsed XML. In certain httpd configurations that use the mod_dav module, a remote attacker could send a specially crafted DAV request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-11-04 CVE Reserved
  • 2014-03-18 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (50)
URL Tag Source
http://advisories.mageia.org/MGASA-2014-0135.html Third Party Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 Third Party Advisory
http://seclists.org/fulldisclosure/2014/Dec/23 Mailing List
http://secunia.com/advisories/58230 Not Applicable
http://secunia.com/advisories/59315 Not Applicable
http://secunia.com/advisories/59345 Not Applicable
http://secunia.com/advisories/60536 Not Applicable
http://www-01.ibm.com/support/docview.wss?uid=swg21669554 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676091 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21676092 Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html Third Party Advisory
http://www.securityfocus.com/archive/1/534161/100/0/threaded Mailing List
http://www.securityfocus.com/bid/66303 Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2014-0012.html Third Party Advisory
https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1 Third Party Advisory
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E Mailing List
https://puppet.com/security/cve/cve-2013-6438 Third Party Advisory
https://support.apple.com/HT204659 Third Party Advisory
https://support.apple.com/kb/HT6535 Third Party Advisory
URL Date SRC
URL Date SRC
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h 2023-11-07
URL Date SRC
http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html 2023-11-07
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html 2023-11-07
http://marc.info/?l=bugtraq&m=141017844705317&w=2 2023-11-07
http://marc.info/?l=bugtraq&m=141390017113542&w=2 2023-11-07
http://security.gentoo.org/glsa/glsa-201408-12.xml 2023-11-07
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES 2023-11-07
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c 2023-11-07
http://www.apache.org/dist/httpd/CHANGES_2.4.9 2023-11-07
http://www.ubuntu.com/usn/USN-2152-1 2023-11-07
https://httpd.apache.org/security/vulnerabilities_24.html 2023-11-07
https://access.redhat.com/security/cve/CVE-2013-6438 2014-07-01
https://bugzilla.redhat.com/show_bug.cgi?id=1077867 2014-07-01
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 >= 2.2.0 < 2.2.27
Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.27"
-
Affected
Apache
Search vendor "Apache"
 Http Server
Search vendor "Apache" for product "Http Server"
 >= 2.4.1 < 2.4.9
Search vendor "Apache" for product "Http Server" and version " >= 2.4.1 < 2.4.9"
-
Affected
Oracle
Search vendor "Oracle"
 Http Server
Search vendor "Oracle" for product "Http Server"
 10.1.3.5.0
Search vendor "Oracle" for product "Http Server" and version "10.1.3.5.0"
-
Affected
Oracle
Search vendor "Oracle"
 Http Server
Search vendor "Oracle" for product "Http Server"
 11.1.1.7.0
Search vendor "Oracle" for product "Http Server" and version "11.1.1.7.0"
-
Affected
Oracle
Search vendor "Oracle"
 Http Server
Search vendor "Oracle" for product "Http Server"
 12.1.2.0
Search vendor "Oracle" for product "Http Server" and version "12.1.2.0"
-
Affected
Oracle
Search vendor "Oracle"
 Http Server
Search vendor "Oracle" for product "Http Server"
 12.1.3.0
Search vendor "Oracle" for product "Http Server" and version "12.1.3.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 13.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "13.10"
-
Affected