Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2249 to the following vulnerability: Name: CVE-2013-2249 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249 Assigned: 20130219 Reference: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/session/mod_session_dbd.c?r1=1409170&r2=1488158&diff_format=h Reference: http://www.apache.org/dist/httpd/CHANGES_2.4.6 mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 987545]
Statement: Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include the mod_session_dbd module.
httpd-2.4.6-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
httpd-2.4.6-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.