Apache 2.4 < 2.4.5 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801401


The remote web server is affected by multiple vulnerabilities


The remote host is running a Apache HTTP server. Versions earlier than 2.4.5 are vulnerable to the following vulnerabilities :

- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests. (CVE-2013-1896)

- An error exists related to the 'mod_session_dbd' module, flags and session-saving having an unspecified impact.(CVE-2013-2249).


Either ensure that the affected modules are not in use or upgrade to Apache version 2.4.6 or later.

See Also



Plugin Details

Severity: High

ID: 801401

Family: Web Servers

Published: 7/23/2013

Updated: 7/23/2013

Nessus ID: 69014

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 7/22/2013

Vulnerability Publication Date: 5/23/2013

Reference Information

CVE: CVE-2013-1896, CVE-2013-2249

BID: 61129, 61379