Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)

Summary

Denial of service vulnerability in mod_dav module of Apache HTTP Server affects Cloud Pak System.

Vulnerability Details

CVEID:CVE-2006-20001
**DESCRIPTION:**Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in mod_dav. By sending a specially crafted If: request header, an attacker could exploit this vulnerability to cause the process to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/244883 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Remediation/Fixes

Please refer to section below for mitigation.

Workarounds and Mitigations

if you are using mod_dav module, make sure to disable mod_dav and restart httpd.

In order to disable WebDav module , follow the action steps below

- Change Directory to httpd.conf, which located in the (Apache Home)/conf directory

- Edit the web_dav.so. module

- Comment out the following lines:
_ ## LoadModule dav_module modules/mod_dav.so
##LoadModule dav_fs_module modules/mod_dav_fs.so_

- Save Changes

- Restart Apache Service , run the commands

On Windows:
Apache2

On Linux:
/etc/init.d/httpd restart