Security vulnerabilities in Apache
Published: July 15, 2013
SecurityVulns ID: 13173
Severity level:
Description: DoS via a MERGE request in mod_dav, log file manipulation in mod_rewrite.
Affected products: APACHE : Apache 2.2
CVE: CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.)
 CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.)
 CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.)
Original text: MANDRIVA, [ MDVSA-2013:193 ] apache (15.07.2013)

