CVE-2013-2249 in Ubuntu

CVE-2013-2249

Priority

Medium

Description

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server
before 2.4.5 proceeds with save operations for a session without
considering the dirty flag and the requirement for a new session ID, which
has unspecified impact and remote attack vectors.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
http://www.apache.org/dist/httpd/CHANGES_2.4.6

Notes

mdeslaur> only affects 2.4.x

Package

Source: apache2 (LP Ubuntu Debian)

Upstream:

released (2.4.5)

Patches:

Upstream:

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2017-12-14 20:01:36 UTC (commit 13907)