4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.958 High
EPSS
Percentile
99.4%
A vulnerability in the mod_dav component of the Apache HTTP Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to insufficient validation of user-supplied input while handling URI requests. An attacker could exploit the vulnerability by transmitting crafted URI requests to the targeted system. A successful exploit could allow the attacker to cause a DoS condition.
Apache has confirmed the vulnerability and released software updates.
To exploit the vulnerability, the attacker would need access to trusted, internal networks to be able to transmit crafted requests to the targeted system. This access requirement may limit the likelihood of a successful exploit.