CVE-2002-1593

Apache HTTP Server < 2.0.42 - Denial of Service via mod_dav Versioning Hook Null Dereference

Title source: llm
STIX 2.1

Description

mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.

References (17)

Core 17
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5816
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/406121
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1005285
Various Sources x_refsource_confirm
http://www.apache.org/dist/httpd/CHANGES_2.0
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10208

Scores

EPSS 0.0704
EPSS Percentile 93.5%

Details

Status published
Products (10)
apache/http_server 2.0
apache/http_server 2.0.28
apache/http_server 2.0.32
apache/http_server 2.0.35
apache/http_server 2.0.36
apache/http_server 2.0.37
apache/http_server 2.0.38
apache/http_server 2.0.39
apache/http_server 2.0.40
apache/http_server 2.0.41
Published Sep 25, 2002
Tracked Since Feb 18, 2026