MGASA-2013-0231

Advisory lineage Upstream: 2 Downstream: 0
Published: 26 Jul 2013, 11:36
Last modified:16 Apr 2026, 04:41

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

26 Jul 2013, 11:36
Published
Vulnerability first disclosed
16 Apr 2026, 04:41
Last Modified
Vulnerability information updated

Description

Updated apache packages fix security vulnerabilities Updated apache packages fix security vulnerabilities: mod_dav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI (CVE-2013-1896). An unspecified error in Apache HTTP Server within the mod_session_dbd module related to the handling of the dirty flag during saving of the sessions has an unknown impact and remote attack vector (CVE-2013-2249). Also, a minor issue causing httpd to not be restarted when installing or upgrading certain web applications, as well as an issue with the web application configuration files when upgrading from Mageia 2, both due to the moving of web applications configuration files to the /etc/httpd/conf/sites.d directory in Mageia 3, have been corrected.

Affected Systems

  • mageiaapache

    < 2.4.4-7.4.mga3

References (7)