Skip to main content

Apache mod_dav and mod_log_config Multiple Vulnerabilities

Last Update Date: 19 Mar 2014 17:19 Release Date: 19 Mar 2014 3725 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Two vulnerabilities have been identified in Apache, which can be exploited by a remote user to cause denial of service conditions.

  • A remote user can send specially crafted DAV WRITE requests to trigger a flaw in mod_dav in the processing of spaces within CDATA and cause the target service to crash.
  • A remote user can send a specially crafted cookie value to trigger a flaw in mod_log_config and cause the target service to crash.

Impact

  • Denial of Service

System / Technologies affected

  • Apache versions prior to 2.4.8

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 2.4.9

Vulnerability Identifier


Source


Related Link