mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10208
http://www.securityfocus.com/bid/5816
http://www.kb.cert.org/vuls/id/406121