IBM Information for VU#849993

Some implementations of mod_dav contain a format string vulnerability in "ap_log_rerror()" function

Status

Not Affected

Vendor Statement

IBM is not vulnerable to the above mentioned issues with the Apache "mod_dav" module. While we do provide Open Source packeges through the AIX Linux Toolbox, "mod_dav" is not one of them.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.