Description
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Remediation
References
Related Vulnerabilities
Internet Information Services CVE-2001-0146 Vulnerability (CVE-2001-0146)
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13674)
ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-2397)
Drupal Core 6.x Local File Inclusion (6.0 - 6.9)
WordPress Plugin wp-buddha-free-adwords Security Bypass (1.0.0)