Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache 2.2.x < 2.2.25 Remote Denial of Service Vulnerability

Medium

Synopsis

The remote web server uses a version of Apache that is affected by a remote denial-of-service vulnerability.

Description

Apache versions earlier than 2.2.25 are affected by a remote denial-of-service vulnerability because the 'mod_dav.c' source file fails to properly determine whether DAV is enabled for a URI. Specifically, this issue occurs when sending a URI MERGE request handled by the 'mod_dav_svn' module with the source href pointing to a URI not configured for DAV. An attacker can exploit this issue to cause a segmentation fault.

Solution

Upgrade to Apache version 2.2.25 or later.