• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache Mod_DAV LOCK Denial Of Service Vulnerability

Apache's 'mod_dav' module is reported susceptible to a denial of service vulnerability.

This vulnerability presents itself when Apache is configured to use the 'mod_dav' module, and it receives a specific sequence of LOCK commands from an authorized user.

This vulnerability can be exploited by remote attackers to crash Apache processes. If Apache is configured to use the threaded process model, an attacker could completely crash Apache. If Apache is configured to use multiple processes as apposed to threads, an attacker could crash individual web server processes. With a sustained attack, they could crash multiple server processes, and still likely deny service to legitimate users.

All versions of Apache 2.0, prior to 2.0.51 are reported vulnerable.