CVE-2013-1896

medium

Apache

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Score

38.6%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

None

Availability

Published: July 10, 2013 (4691 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.

CWE

NVD-CWE-noinfo

Affected Products

apache http serverredhat jboss enterprise application platformredhat enterprise linux desktopredhat enterprise linux eusredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux workstationcanonical ubuntu linuxopensuse opensuse

References

🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 rhn.redhat.com 🔗 rhn.redhat.com

CVE-2013-1896

Vulnerability Report

Description

CWE

Affected Products

References