Vulnerability Note VU#406121

Apache mod_dav module vulnerable to DoS

Original Release date: 26 Sep 2002 | Last revised: 30 May 2003

Overview

A denial-of-service vulnerability exists in Apache mod_dav.

Description

mod_dav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in mod_dav may allow an attacker to kill a child process. This may cause Apache to use excessive resources in a preforked multi-processing module.

Impact

An attacker may be able to consume excessive CPU resources on the target web server.

Solution

Upgrade to Apache 2.0.42.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
ApacheAffected-26 Sep 2002
Openwall GNU/*/LinuxNot Affected-14 Oct 2002
Xerox CorporationNot Affected-30 May 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

Thanks to Mark Cox for helping us to understand this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 25 Sep 2002
  • Date First Published: 26 Sep 2002
  • Date Last Updated: 30 May 2003
  • Severity Metric: 5.40
  • Document Revision: 3

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.