CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.0%
Apache HTTP SERVER PROJECT reports:
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn
with the source href (sent as part of the request body as XML) pointing
to a URI that is not configured for DAV will trigger a segfault.
mod_session_dbd: Make sure that dirty flag is respected when saving
sessions, and ensure the session ID is changed each time the session
changes. This changes the format of the updatesession SQL statement.
Existing configurations must be changed.