mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-2249
http://www.apache.org/dist/httpd/CHANGES_2.4.6
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E
Source: MITRE
Published: 2013-07-23
Updated: 2017-01-07
Type: NVD-CWE-noinfo
Base Score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 10
Severity: HIGH
OR
cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.3.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions up to 2.4.4 (inclusive)
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
98903 | Apache 2.4.x < 2.4.6 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high |
91778 | Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698) | Nessus | Junos Local Security Checks | critical |
69380 | Fedora 18 : httpd-2.4.6-2.fc18 (2013-13922) | Nessus | Fedora Local Security Checks | high |
69290 | Fedora 19 : httpd-2.4.6-2.fc19 (2013-13994) | Nessus | Fedora Local Security Checks | high |
69225 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : httpd (SSA:2013-218-02) | Nessus | Slackware Local Security Checks | high |
801401 | Apache 2.4 < 2.4.5 Multiple Vulnerabilities | Log Correlation Engine | Web Servers | high |
6942 | Apache 2.4.1 to 2.4.4 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
69014 | Apache 2.4.x < 2.4.5 Multiple Vulnerabilities | Nessus | Web Servers | high |
68990 | FreeBSD : apache24 -- several vulnerabilities (ca4d63fb-f15c-11e2-b183-20cf30e32f6d) | Nessus | FreeBSD Local Security Checks | high |