mod_dav for Apache HTTP Server LOCK Request DoS

2004-09-14T16:13:18
ID OSVDB:9948
Type osvdb
Reporter Apache Software Foundation(security@apache.org)
Modified 2004-09-14T16:13:18

Description

Vulnerability Description

Apache mod_dav contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a particular sequence of LOCK requests, and it results in loss of availability for the httpd child process.

Solution Description

Upgrade to version 2.0.51-dev or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.lyra.org/greg/mod_dav/
Vendor Specific Solution URL: http://www.apacheweek.com/features/security-20
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1011248
Secunia Advisory ID: 13025
Secunia Advisory ID: 12547
Secunia Advisory ID: 12577
Secunia Advisory ID: 12743
Secunia Advisory ID: 12527
Secunia Advisory ID: 12646
Secunia Advisory ID: 13243
RedHat RHSA: RHSA-2004:463
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200409-21.xml
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000868
Other Advisory URL: http://www.debian.org/security/2004/dsa-558
CVE-2004-0809