CVE-2004-0809
First published: Thu Sep 16 2004(Updated: )
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Http Server | >=2.0.35<2.0.51 | |
| HP Secure Web Server for Tru64 | =4.0_f | |
| HP Secure Web Server for Tru64 | =4.0_g | |
| HP Secure Web Server for Tru64 | =5.0_a | |
| HP Secure Web Server for Tru64 | =5.1 | |
| HP Secure Web Server for Tru64 | =5.1_a | |
| HP Secure Web Server for Tru64 | =5.8.1 | |
| HP Secure Web Server for Tru64 | =5.8.2 | |
| HP Secure Web Server for Tru64 | =5.9.1 | |
| HP Secure Web Server for Tru64 | =5.9.2 | |
| HP Secure Web Server for Tru64 | =6.3.0 | |
| Gentoo Linux | =1.4 | |
| HPE HP-UX | =11.00 | |
| HPE HP-UX | =11.11 | |
| HPE HP-UX | =11.22 | |
| HPE HP-UX | =11.23 | |
| Mandrake Linux | =9.2 | |
| Mandrake Linux | =9.2 | |
| Mandrake Linux | =10.0 | |
| Mandrake Linux | =10.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| Red Hat Enterprise Linux | =3.0 | |
| redhat enterprise Linux desktop | =3.0 | |
| Trustix Secure Linux | =2.0 | |
| Trustix Secure Linux | =2.1 | |
| TurboLinux Desktop | =10.0 | |
| Turbolinux | ||
| Turbolinux Server | =10.0 | |
| Debian | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
- http://www.debian.org/security/2004/dsa-558
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
- http://www.redhat.com/support/errata/RHSA-2004-463.html
- http://www.trustix.org/errata/2004/0047/
- http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17366
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9588
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2004-0809?
CVE-2004-0809 is classified as a denial of service vulnerability due to the potential for child process crashes in Apache servers.
How do I fix CVE-2004-0809?
To fix CVE-2004-0809, you should upgrade to Apache version 2.0.51 or later to mitigate the vulnerability.
What systems are affected by CVE-2004-0809?
CVE-2004-0809 affects Apache 2.0.50 and earlier, along with several versions of HP Secure Web Server for Tru64 and other operating systems listed in its documentation.
What types of attacks exploit CVE-2004-0809?
Exploitation of CVE-2004-0809 involves sending a specific sequence of LOCK requests to cause a denial of service.
Is CVE-2004-0809 a critical security issue?
Yes, CVE-2004-0809 is considered a critical security issue due to its ability to disrupt server availability through denial of service.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/apache
- product/http server
- canonical/apache http server
- vendor/hp
- product/secure web server for tru64
- canonical/hp secure web server for tru64
- product/hp-ux
- canonical/hp hp-ux
- vendor/trustix
- product/secure linux
- canonical/trustix secure linux
- vendor/redhat
- product/enterprise linux desktop
- canonical/redhat enterprise linux desktop
- product/enterprise linux
- canonical/redhat enterprise linux
- vendor/mandrakesoft
- product/mandrake linux
- canonical/mandrakesoft mandrake linux
- vendor/turbolinux
- product/turbolinux home
- canonical/turbolinux turbolinux home
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- product/turbolinux server
- canonical/turbolinux turbolinux server
- product/turbolinux desktop
- canonical/turbolinux turbolinux desktop
- vendor/debian
- product/debian linux
- canonical/debian debian linux
- collector/nvd-index
- version/apache http server/2.0.35
- version/hp secure web server for tru64/4.0_f
- version/hp secure web server for tru64/4.0_g
- version/hp secure web server for tru64/5.0_a
- version/hp secure web server for tru64/5.1
- version/hp secure web server for tru64/5.1_a
- version/hp secure web server for tru64/5.8.1
- version/hp secure web server for tru64/5.8.2
- version/hp secure web server for tru64/5.9.1
- version/hp secure web server for tru64/5.9.2
- version/hp secure web server for tru64/6.3.0
- version/gentoo linux/1.4
- canonical/hpe hp-ux
- version/hpe hp-ux/11.00
- version/hpe hp-ux/11.11
- version/hpe hp-ux/11.22
- version/hpe hp-ux/11.23
- canonical/mandrake linux
- version/mandrake linux/9.2
- version/mandrake linux/10.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/3.0
- version/redhat enterprise linux desktop/3.0
- version/trustix secure linux/2.0
- version/trustix secure linux/2.1
- canonical/turbolinux desktop
- version/turbolinux desktop/10.0
- canonical/turbolinux
- canonical/turbolinux server
- version/turbolinux server/10.0
- canonical/debian gnu/linux
- version/debian gnu/linux/3.0