Executive Summary

Summary
Title httpd security update
Informations
Name RHSA-2013:1156 First vendor Publication 2013-08-13
Vendor RedHat Last vendor Modification 2013-08-13
Severity (Vendor) Moderate Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

The Apache HTTP Server is a popular web server.

A flaw was found in the way the mod_dav module of the Apache HTTP Server handled merge requests. An attacker could use this flaw to send a crafted merge request that contains URIs that are not configured for DAV, causing the httpd child process to crash. (CVE-2013-1896)

All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

983549 - CVE-2013-1896 httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2013-1156.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18274
 
Oval ID: oval:org.mitre.oval:def:18274
Title: USN-1903-1 -- apache2 vulnerabilities
Description: Several security issues were fixed in the Apache HTTP Server.
Family: unix Class: patch
Reference(s): USN-1903-1
CVE-2013-1862
CVE-2013-1896
Version: 7
Platform(s): Ubuntu 13.04
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18835
 
Oval ID: oval:org.mitre.oval:def:18835
Title: Apache HTTP vulnerability before 2.2.25 in VisualSVN Server (CVE-2013-1896)
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Family: windows Class: vulnerability
Reference(s): CVE-2013-1896
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:19747
 
Oval ID: oval:org.mitre.oval:def:19747
Title: HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Family: unix Class: vulnerability
Reference(s): CVE-2013-1896
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21205
 
Oval ID: oval:org.mitre.oval:def:21205
Title: RHSA-2013:1156: httpd security update (Moderate)
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Family: unix Class: patch
Reference(s): RHSA-2013:1156-01
CESA-2013:1156
CVE-2013-1896
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23320
 
Oval ID: oval:org.mitre.oval:def:23320
Title: DEPRECATED: ELSA-2013:1156: httpd security update (Moderate)
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Family: unix Class: patch
Reference(s): ELSA-2013:1156-01
CVE-2013-1896
Version: 7
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23801
 
Oval ID: oval:org.mitre.oval:def:23801
Title: ELSA-2013:1156: httpd security update (Moderate)
Description: mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Family: unix Class: patch
Reference(s): ELSA-2013:1156-01
CVE-2013-1896
Version: 6
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): httpd
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26836
 
Oval ID: oval:org.mitre.oval:def:26836
Title: SUSE-SU-2014:1082-1 -- Security update for apache2
Description: This apache2 update fixes the following security issues: * log_cookie mod_log_config.c remote denial of service (CVE-2014-0098, bnc#869106) * mod_dav denial of service (CVE-2013-6438, bnc#869105) * mod_cgid denial of service (CVE-2014-0231, bnc#887768) * mod_status heap-based buffer overflow (CVE-2014-0226, bnc#887765) * mod_rewrite: escape logdata to avoid terminal escapes (CVE-2013-1862, bnc#829057) * mod_dav: segfault in merge request (CVE-2013-1896, bnc#829056) Security Issues: * CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098> * CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438> * CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226> * CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231> * CVE-2013-1862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862> * CVE-2013-1896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1082-1
CVE-2014-0098
CVE-2013-6438
CVE-2014-0231
CVE-2014-0226
CVE-2013-1862
CVE-2013-1896
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): apache2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27412
 
Oval ID: oval:org.mitre.oval:def:27412
Title: DEPRECATED: ELSA-2013-1156 -- httpd security update (moderate)
Description: [2.2.15-29.0.1.el6_4] - replace index.html with Oracle's index page oracle_index.html update vstring in specfile [2.2.15-29] - mod_dav: add security fix for CVE-2013-1896 (#991368)
Family: unix Class: patch
Reference(s): ELSA-2013-1156
CVE-2013-1896
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): httpd
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 221
Os 4
Os 3
Os 2
Os 2
Os 2
Os 2
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-16 IAVM : 2015-A-0149 - Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance
Severity : Category I - VMSKEY : V0061101
2014-02-27 IAVM : 2014-A-0030 - Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-09-12 IAVM : 2013-A-0177 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity : Category I - VMSKEY : V0040288
2013-07-25 IAVM : 2013-A-0146 - Multiple Security Vulnerabilities in Apache HTTP Server
Severity : Category I - VMSKEY : V0039573

Snort® IPS/IDS

Date Description
2017-12-13 Apache HTTP Server possible mod_dav.c remote denial of service vulnerability ...
RuleID : 44808 - Revision : 2 - Type : INDICATOR-COMPROMISE

Nessus® Vulnerability Scanner

Date Description
2015-07-20 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10685_cred.nasl - Type : ACT_GATHER_INFO
2015-07-20 Name : The remote host is affected by multiple vulnerabilities.
File : juniper_nsm_jsa10685.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1082-1.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_apache_20131015.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10627.nasl - Type : ACT_GATHER_INFO
2014-12-16 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-770.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1133.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-638.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-637.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2014-001.nasl - Type : ACT_GATHER_INFO
2014-02-25 Name : The remote host is missing a Mac OS X update that fixes a certificate validat...
File : macosx_10_9_2.nasl - Type : ACT_GATHER_INFO
2014-01-31 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1209.nasl - Type : ACT_GATHER_INFO
2014-01-20 Name : The remote application server is potentially affected by multiple vulnerabili...
File : websphere_7_0_0_31.nasl - Type : ACT_GATHER_INFO
2013-12-05 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_1.nasl - Type : ACT_GATHER_INFO
2013-09-24 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-12.nasl - Type : ACT_GATHER_INFO
2013-09-20 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_6_1_0_47.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1207.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1208.nasl - Type : ACT_GATHER_INFO
2013-08-27 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-130730.nasl - Type : ACT_GATHER_INFO
2013-08-23 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_0_0_7.nasl - Type : ACT_GATHER_INFO
2013-08-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-13922.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130813_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1156.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1156.nasl - Type : ACT_GATHER_INFO
2013-08-14 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1156.nasl - Type : ACT_GATHER_INFO
2013-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2013-13994.nasl - Type : ACT_GATHER_INFO
2013-08-07 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-218-02.nasl - Type : ACT_GATHER_INFO
2013-07-23 Name : The remote web server is affected by multiple vulnerabilities.
File : apache_2_4_6.nasl - Type : ACT_GATHER_INFO
2013-07-22 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_ca4d63fbf15c11e2b18320cf30e32f6d.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1903-1.nasl - Type : ACT_GATHER_INFO
2013-07-16 Name : The remote web server may be affected by multiple cross-site scripting vulner...
File : apache_2_2_25.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-193.nasl - Type : ACT_GATHER_INFO
2013-07-06 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f3d24aeee5ad11e2b18320cf30e32f6d.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:57:23
  • Multiple Updates
2013-08-13 21:23:09
  • First insertion