Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Apache HTTP Server: denial of service via mod_dav

July 2013 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.

Impacted products: Apache httpd, MBS, MES

Severity: 2/4

Creation date: 15/07/2013

DESCRIPTION OF THE VULNERABILITY

The mod_dav (DAV, Distributed Authoring and Versioning) module can be installed in Apache HTTP Server.

The MERGE command of mod_dav_svn applies differences between two Subversion information sources. However, if this command indicates an URI which is not configured for DAV, a segmentation fault occurs in mod_dav.

An attacker can therefore send a MERGE query for mod_dav of Apache HTTP Server, in order to trigger a denial of service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/A...




See previous articles

    

See next articles