PublicDateAtUSN: 2014-03-18
Candidate: CVE-2013-6438
PublicDate: 2014-03-18 05:18:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438
 http://httpd.apache.org/security/vulnerabilities_24.html
 https://ubuntu.com/security/notices/USN-2152-1
Description:
 The dav_xml_get_cdata function in main/util.c in the mod_dav module in the
 Apache HTTP Server before 2.4.8 does not properly remove whitespace
 characters from CDATA sections, which allows remote attackers to cause a
 denial of service (daemon crash) via a crafted DAV WRITE request.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ning Zhang and Amin Tora
Assigned-to: mdeslaur
CVSS:

Patches_apache2:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1556428 (trunk)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1556816 (2.4)
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1576706 (2.2)
upstream_apache2: released (2.4.8)
lucid_apache2: released (2.2.14-5ubuntu8.13)
precise_apache2: released (2.2.22-1ubuntu1.5)
quantal_apache2: released (2.2.22-6ubuntu2.4)
saucy_apache2: released (2.4.6-2ubuntu2.2)
devel_apache2: released (2.4.7-1ubuntu3)