Apache 2.4.1 to 2.4.4 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 6942
SynopsisThe remote web server is affected by multiple vulnerabilities
DescriptionThe remote host is running an Apache HTTP server. Versions 2.4.1 to 2.4.4 inclusive are vulnerable to the following vulnerabilities :
- A denial of service vulnerability exists relating to the 'mod_dav' module as it relates to MERGE requests. (CVE-2013-1896)
- An error exists related to the 'mod_session_dbd' module, flags and session-saving having an unspecified impact.(CVE-2013-2249).
SolutionEither ensure that the affected modules are not in use or upgrade to Apache version 2.4.6 or later.