MGASA-2013-0230

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2013-1896

Published: 26 Jul 2013, 11:34

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

26 Jul 2013, 11:34

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated apache packages fix CVE-2013-1896 Updated apache packages fix security vulnerability: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896).

Affected Systems

mageia•apache
< 2.2.25-1.mga2

References (5)

https://advisories.mageia.org/MGASA-2013-0230.html
http://httpd.apache.org/security/vulnerabilities_22.html
http://www.apache.org/dist/httpd/CHANGES_2.2.25
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:193/
https://bugs.mageia.org/show_bug.cgi?id=10756