Description
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2367)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)
Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.15)
WordPress Plugin YITH WooCommerce Request A Quote Security Bypass (1.4.7)