mod_dav.c in the Apache HTTP Server prior to 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote malicious users to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
redhat jboss_enterprise_application_platform 6.0.0 |
||
redhat jboss_enterprise_application_platform 6.4.0 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux server aus 6.4 |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux server aus 5.9 |
||
redhat enterprise linux eus 5.9 |
||
redhat enterprise linux eus 6.4 |
||
canonical ubuntu linux 13.04 |
||
canonical ubuntu linux 12.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 12.04 |
||
opensuse opensuse 12.3 |
||
opensuse opensuse 11.4 |
||
opensuse opensuse 12.2 |