CVE-2013-2249 - mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with

CVE-2013-2249

Summary

mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-09-2022 - 18:42)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

cisco	20130822 Apache HTTP Server mod_session_dbd Save Operations Vulnerability
confirm	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h http://www.apache.org/dist/httpd/CHANGES_2.4.6 https://httpd.apache.org/security/vulnerabilities_24.html
mlist	[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Last major update

14-09-2022 - 18:42

Published

23-07-2013 - 17:20

Last modified

14-09-2022 - 18:42