FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2249

This CVE name corresponds to:

Entered Topic
2013-07-20 apache24 -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2013-2249 at cve.mitre.org

Details

Type Candidate
Name CVE-2013-2249
Phase Assigned(20130219)

Description

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References

Source Reference
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h
CONFIRM http://www.apache.org/dist/httpd/CHANGES_2.4.6
CONFIRM http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698
CISCO 20130822 Apache HTTP Server mod_session_dbd Save Operations Vulnerability

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.