Vulnerability Name:

CVE-2004-0809 (CCN-17366)

Assigned: 2004-09-14
Published: 2004-09-14
Updated: 2021-06-06
Summary: The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: MITRE
Type: CNA
CVE-2004-0809

Source: CONFIRM
Type: UNKNOWN
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:868
Several vulnerabilities in apache, mod_ssl and mod_dav

Source: CCN
Type: Apache HTTP Server Project Web site
Apache HTTPD Project - The Apache HTTPD Server Project

Source: CCN
Type: RHSA-2004-463
httpd security update

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-558

Source: DEBIAN
Type: DSA-558
libapache-mod-dav -- null pointer dereference

Source: CCN
Type: GLSA-200409-21
Apache 2, mod_dav: Multiple vulnerabilities

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200409-21

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:096

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:463

Source: CCN
Type: BID-11185
Apache Mod_DAV LOCK Denial Of Service Vulnerability

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0047
Several security holes

Source: TRUSTIX
Type: Exploit, Patch, Vendor Advisory
2004-0047

Source: CCN
Type: TLSA-2005-2
Multiple vulnerabilities in httpd

Source: XF
Type: UNKNOWN
apache-moddav-lock-dos(17366)

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1888194 [3/13] - /httpd/site/trunk/content/security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: MLIST
Type: UNKNOWN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9588

Source: CCN
Type: IBM Systems Support Web site
Support for HMC

Vulnerable Configuration:

  • Configuration 1:
  • cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:hp:secure_web_server_for_tru64:5.1_a:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.8.2:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:ia64_64-bit:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:4.0_f:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:4.0_g:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:6.3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.0_a:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:hp:secure_web_server_for_tru64:5.9.2:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10.0:*:*:*:server:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:10.0:*:*:*:desktop:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • AND
  • cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.11:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.22:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20040809 | V | CVE-2004-0809 | 2015-11-16
    oval:org.mitre.oval:def:9588 | V | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | 2013-04-29
    oval:org.debian:def:558 | V | null pointer dereference | 2004-10-06
    oval:com.redhat.rhsa:def:20040463 | P | RHSA-2004:463: httpd security update (Moderate) | 2004-09-15
    conectiva linux 9.0
    apache http server 2.0.50
    conectiva linux 10.0
    apache http server 2.0.47
    hp secure web server for tru64 5.1_a
    hp secure web server for tru64 5.8.1
    hp secure web server for tru64 5.8.2
    hp hp-ux 11.22
    hp hp-ux 11.23
    redhat enterprise linux 3.0
    redhat enterprise linux desktop 3.0
    hp secure web server for tru64 4.0_f
    hp secure web server for tru64 4.0_g
    hp secure web server for tru64 6.3.0
    gentoo linux 1.4
    mandrakesoft mandrake linux 9.2
    hp secure web server for tru64 5.1
    hp hp-ux 11.11
    trustix secure linux 2.0
    hp secure web server for tru64 5.0_a
    mandrakesoft mandrake linux 9.2
    hp hp-ux 11.00
    turbolinux turbolinux home *
    redhat enterprise linux 3.0
    mandrakesoft mandrake linux 10.0
    trustix secure linux 2.1
    hp secure web server for tru64 5.9.1
    hp secure web server for tru64 5.9.2
    turbolinux turbolinux server 10.0
    turbolinux turbolinux desktop 10.0
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3.0
    apache http server 2.0.47
    apache http server 2.0.50
    hp hp-ux 11.00
    hp hp-ux 11.11
    debian debian linux 3.0
    gentoo linux *
    hp hp-ux 11.22
    conectiva linux 9.0
    trustix secure linux 2.0
    hp hp-ux 11.23
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 3
    conectiva linux 10
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0