Описание
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 2.4.4-6ubuntu5 |
| lucid | released | 2.2.14-5ubuntu8.12 |
| precise | released | 2.2.22-1ubuntu1.4 |
| quantal | released | 2.2.22-6ubuntu2.3 |
| raring | released | 2.2.22-6ubuntu5.1 |
| upstream | released | 2.2.25 |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly de ...
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
EPSS
4.3 Medium
CVSS2