CVE-2004-0809

7 documents7 sources

Severity

5.0MEDIUM

EPSS

14.0%

top 5.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Debian Debian Linux Gentoo Linux +8 more

Timeline

PublishedSep 16

Latest updateApr 29

Description

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages10 packages

▶NVDapache/http_server2.0.35 — 2.0.51

▶Debianapache2< 2.0.51-1+3

▶NVDhp/hp-ux4 versions+3

▶NVDgentoo/linux1.4

▶NVDhp/secure_web10 versions+9

Also affects: Debian Linux 3.0, Enterprise Linux 3.0

Patches

Patch: www.debian.org ↗Patch: www.gentoo.org ↗Patch: www.trustix.org ↗

🔴Vulnerability Details

GHSA

GHSA-ffrj-w536-5xrc: The mod_dav module in Apache 2↗2022-04-29

▶

CVEList

CVE-2004-0809: The mod_dav module in Apache 2↗2004-09-17

▶

OSV

CVE-2004-0809: The mod_dav module in Apache 2↗2004-09-16

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-09-15

▶

Debian

CVE-2004-0809: apache2 - The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause...↗2004

▶

💬Community

Bugzilla

CVE-2004-0809 security flaw↗2018-08-16

▶