PublicDateAtUSN: 2013-07-10
Candidate: CVE-2013-1896
PublicDate: 2013-07-10 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896
 http://www.gossamer-threads.com/lists/apache/announce/427633
 http://www.apache.org/dist/httpd/Announcement2.2.html
 https://ubuntu.com/security/notices/USN-1903-1
Description:
 mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly
 determine whether DAV is enabled for a URI, which allows remote attackers
 to cause a denial of service (segmentation fault) via a MERGE request in
 which the URI is configured for handling by the mod_dav_svn module, but a
 certain href attribute in XML data refers to a non-DAV URI.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_apache2:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1497101 (2.2)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1497212 (2.2)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1486461 (2.4)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1485668 (trunk)
upstream_apache2: released (2.2.25)
lucid_apache2: released (2.2.14-5ubuntu8.12)
precise_apache2: released (2.2.22-1ubuntu1.4)
quantal_apache2: released (2.2.22-6ubuntu2.3)
raring_apache2: released (2.2.22-6ubuntu5.1)
devel_apache2: released (2.4.4-6ubuntu5)