Vigil@nce - Apache HTTP Server: denial of service via mod_dav
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send a DAV WRITE query starting by spaces, in
order to trigger a denial of service in mod_dav of Apache HTTP
Server.
Impacted products: Apache httpd, MBS, MES, Slackware, Ubuntu
Severity: 2/4
Creation date: 18/03/2014
DESCRIPTION OF THE VULNERABILITY
The mod_dav module can be enabled on Apache HTTP Server, to edit
documents online.
When data starts by a space, they are removed. However, the size
of data is not updated, so the ’\0’ terminator is written outside
the array, which leads to a fatal error.
An attacker can therefore send a DAV WRITE query starting by
spaces, in order to trigger a denial of service in mod_dav of
Apache HTTP Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Apache-HTTP-Server-denial-of-service-via-mod-dav-14439