Vulnerability Note VU#406121
Apache mod_dav module vulnerable to DoS
A denial-of-service vulnerability exists in Apache mod_dav.
mod_dav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in mod_dav may allow an attacker to kill a child process. This may cause Apache to use excessive resources in a preforked multi-processing module.
An attacker may be able to consume excessive CPU resources on the target web server.
Upgrade to Apache 2.0.42.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apache||Affected||-||26 Sep 2002|
|Openwall GNU/*/Linux||Not Affected||-||14 Oct 2002|
|Xerox Corporation||Not Affected||-||30 May 2003|
CVSS Metrics (Learn More)
Thanks to Mark Cox for helping us to understand this vulnerability.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 25 Sep 2002
- Date First Published: 26 Sep 2002
- Date Last Updated: 30 May 2003
- Severity Metric: 5.40
- Document Revision: 3
If you have feedback, comments, or additional information about this vulnerability, please send us email.