Apache 2.2.x < 2.2.25 Remote Denial of Service Vulnerability
Medium Nessus Network Monitor Plugin ID 6927
SynopsisThe remote web server uses a version of Apache that is affected by a remote denial-of-service vulnerability.
DescriptionApache versions earlier than 2.2.25 are affected by a remote denial-of-service vulnerability because the 'mod_dav.c' source file fails to properly determine whether DAV is enabled for a URI. Specifically, this issue occurs when sending a URI MERGE request handled by the 'mod_dav_svn' module with the source href pointing to a URI not configured for DAV. An attacker can exploit this issue to cause a segmentation fault.
SolutionUpgrade to Apache version 2.2.25 or later.