FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache24 -- several vulnerabilities

Affected packages
apache24 < 2.4.6

Details

VuXML ID ca4d63fb-f15c-11e2-b183-20cf30e32f6d
Discovery 2013-07-11
Entry 2013-07-20
Modified 2013-07-21

Apache HTTP SERVER PROJECT reports:

mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to a URI that is not configured for DAV will trigger a segfault.

mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes. This changes the format of the updatesession SQL statement. Existing configurations must be changed.

References

CVE Name CVE-2013-1896
CVE Name CVE-2013-2249
URL http://www.apache.org/dist/httpd/Announcement2.4.html