Red Hat Bugzilla – Bug 987543
CVE-2013-2249 httpd: mod_session_dbd session fixation flaw
Last modified: 2016-03-04 06:55:27 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2249 to
the following vulnerability:
mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP
Server before 2.4.5 proceeds with save operations for a session
without considering the dirty flag and the requirement for a new
session ID, which has unspecified impact and remote attack vectors.
Created httpd tracking bugs for this issue:
Affects: fedora-all [bug 987545]
Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include the mod_session_dbd module.
httpd-2.4.6-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
httpd-2.4.6-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.