Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0809

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0809
Last Modified 21 Aug 2010 12:21:19
Published 16 Sep 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0809

Summary

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Vulnerable Systems

Operating System

  • Conectiva Linux 10.0

  • Conectiva Linux 9.0

  • Gentoo Linux 1.4

  • Hp-ux 11.00

  • Hp-ux 11.11

  • Hp-ux 11.22

  • Hp-ux 11.23

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 9.2

  • Redhat Enterprise Linux 3.0

  • Redhat Enterprise Linux Desktop 3.0

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Turbolinux Desktop 10.0

  • Turbolinux Home

  • Turbolinux Server 10.0

Application

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.50

  • Hp Secure Web Server For Tru64 4.0 F

  • Hp Secure Web Server For Tru64 4.0 G

  • Hp Secure Web Server For Tru64 5.0 A

  • Hp Secure Web Server For Tru64 5.1

  • Hp Secure Web Server For Tru64 5.1 A

  • Hp Secure Web Server For Tru64 5.8.1

  • Hp Secure Web Server For Tru64 5.8.2

  • Hp Secure Web Server For Tru64 5.9.1

  • Hp Secure Web Server For Tru64 5.9.2

  • Hp Secure Web Server For Tru64 6.3.0


References

XF - apache-moddav-lock-dos(17366)

TRUSTIX - 2004-0047

GENTOO - GLSA-200409-21

DEBIAN - DSA-558

REDHAT - RHSA-2004:463

CONFIRM - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33


Last Updated: 27 May 2016 10:38:46