CVE-2013-2249

high Apache
CVSS v3 Base Score
7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Score
43.7%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: July 23, 2013 (4678 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

CWE

NVD-CWE-noinfo

Affected Products

apache http server

References

🔗 kb.juniper.net 🔗 svn.apache.org 🔗 tools.cisco.com 🔗 www.apache.org 🔗 httpd.apache.org