Apache 2.2.x < 2.2.25 Remote Denial of Service Vulnerability
medium Log Correlation Engine Plugin ID 801383
Synopsis
The remote web server uses a version of Apache that is affected by a remote denial-of-service vulnerability.
Description
Apache versions earlier than 2.2.25 are affected by a remote denial-of-service vulnerability because the 'mod_dav.c' source file fails to properly determine whether DAV is enabled for a URI. Specifically, this issue occurs when sending a URI MERGE request handled by the 'mod_dav_svn' module with the source href pointing to a URI not configured for DAV. An attacker can exploit this issue to cause a segmentation fault.