Apache 2.4 < 2.4.5 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801401

Synopsis

The remote web server is affected by multiple vulnerabilities

Description

The remote host is running a Apache HTTP server. Versions earlier than 2.4.5 are vulnerable to the following vulnerabilities :

- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests. (CVE-2013-1896)

- An error exists related to the 'mod_session_dbd' module, flags and session-saving having an unspecified impact.(CVE-2013-2249).

Solution

Either ensure that the affected modules are not in use or upgrade to Apache version 2.4.6 or later.

See Also

http://httpd.apache.org/security/vulnerabilities_24.html

http://www.apache.org/dist/httpd/CHANGES_2.4.6

Plugin Details

Severity: High

ID: 801401

Family: Web Servers

Published: 7/23/2013

Nessus ID: 69014

Vulnerability Information

Patch Publication Date: 7/22/2013

Vulnerability Publication Date: 5/23/2013

Reference Information

CVE: CVE-2013-1896, CVE-2013-2249

BID: 61129, 61379