Apache < 2.0.51 mod_dav DAV LOCK Command Remote DoS
Medium Nessus Network Monitor Plugin ID 2291
SynopsisThe remote host is vulnerable to a Denial of Service (DoS) attack.
DescriptionThe remote host is running a vulnerable version of Apache. It is reported that versions prior 2.0.51 are prone to a remote denial of service issue. An attacker may issue a specific sequence of DAV LOCK commands to crash the process. If Apache is configured to use threads, it may completely crash the Apache process.
SolutionUpgrade to Apache 2.0.51 or higher.