Vulnerability Note VU#406121

Apache mod_dav module vulnerable to DoS

Original Release date: 26 Sep 2002 | Last revised: 30 May 2003


A denial-of-service vulnerability exists in Apache mod_dav.


mod_dav is an Apache module. This module enables Apache web servers to provide users the ability to edit and manage files on a remote web server using the HTTP protocol. A vulnerability in mod_dav may allow an attacker to kill a child process. This may cause Apache to use excessive resources in a preforked multi-processing module.


An attacker may be able to consume excessive CPU resources on the target web server.


Upgrade to Apache 2.0.42.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
ApacheAffected-26 Sep 2002
Openwall GNU/*/LinuxNot Affected-14 Oct 2002
Xerox CorporationNot Affected-30 May 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to Mark Cox for helping us to understand this vulnerability.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 25 Sep 2002
  • Date First Published: 26 Sep 2002
  • Date Last Updated: 30 May 2003
  • Severity Metric: 5.40
  • Document Revision: 3


If you have feedback, comments, or additional information about this vulnerability, please send us email.