5 - CVE-2004-0809

Executive Summary

Informations
Name	CVE-2004-0809	First vendor Publication	2004-09-16
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0809

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9588

Oval ID:	oval:org.mitre.oval:def:9588
Title:	The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Description:	The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2004-0809	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3	Product(s):
Definition Synopsis:
RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section httpd-devel is earlier than 0:2.0.46-40.ent AND mod_ssl is earlier than 1:2.0.46-40.ent AND httpd is earlier than 0:2.0.46-40.ent

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Http Server cpe:2.3:a:apache:http_server:2.0.9:::::::* cpe:2.3:a:apache:http_server:2.0.50:::::::* cpe:2.3:a:apache:http_server:2.0.49:::::::* cpe:2.3:a:apache:http_server:2.0.48:::::::* cpe:2.3:a:apache:http_server:2.0.47:::::::* cpe:2.3:a:apache:http_server:2.0.46:::::::* cpe:2.3:a:apache:http_server:2.0.46::win32::::: cpe:2.3:a:apache:http_server:2.0.45:::::::* cpe:2.3:a:apache:http_server:2.0.44:::::::* cpe:2.3:a:apache:http_server:2.0.43:::::::* cpe:2.3:a:apache:http_server:2.0.42:::::::* cpe:2.3:a:apache:http_server:2.0.41:::::::* cpe:2.3:a:apache:http_server:2.0.40:::::::* cpe:2.3:a:apache:http_server:2.0.39:::::::* cpe:2.3:a:apache:http_server:2.0.38:::::::* cpe:2.3:a:apache:http_server:2.0.37:::::::* cpe:2.3:a:apache:http_server:2.0.36:::::::* cpe:2.3:a:apache:http_server:2.0.35:::::::* cpe:2.3:a:apache:http_server:2.0.34:beta:::::: cpe:2.3:a:apache:http_server:2.0.34:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.34:::::::* cpe:2.3:a:apache:http_server:2.0.33:::::::* cpe:2.3:a:apache:http_server:2.0.32:beta:::::: cpe:2.3:a:apache:http_server:2.0.32:::::::* cpe:2.3:a:apache:http_server:2.0.32:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.31:::::::* cpe:2.3:a:apache:http_server:2.0.30:::::::* cpe:2.3:a:apache:http_server:2.0.29:::::::* cpe:2.3:a:apache:http_server:2.0.28:beta:::::: cpe:2.3:a:apache:http_server:2.0.28:::::::* cpe:2.3:a:apache:http_server:2.0.28:beta:win32:::::* cpe:2.3:a:apache:http_server:2.0.27:::::::* cpe:2.3:a:apache:http_server:2.0.26:::::::* cpe:2.3:a:apache:http_server:2.0.25:::::::* cpe:2.3:a:apache:http_server:2.0.24:::::::* cpe:2.3:a:apache:http_server:2.0.23:::::::* cpe:2.3:a:apache:http_server:2.0.22:::::::* cpe:2.3:a:apache:http_server:2.0.21:::::::* cpe:2.3:a:apache:http_server:2.0.20:::::::* cpe:2.3:a:apache:http_server:2.0.19:::::::* cpe:2.3:a:apache:http_server:2.0.18:::::::* cpe:2.3:a:apache:http_server:2.0.17:::::::* cpe:2.3:a:apache:http_server:2.0.16:::::::* cpe:2.3:a:apache:http_server:2.0.15:::::::* cpe:2.3:a:apache:http_server:2.0.14:::::::* cpe:2.3:a:apache:http_server:2.0.13:::::::* cpe:2.3:a:apache:http_server:2.0.12:::::::* cpe:2.3:a:apache:http_server:2.0.11:::::::* cpe:2.3:a:apache:http_server:2.0.0:::::::* cpe:2.3:a:apache:http_server:2.0:::::::* cpe:2.3:a:apache:http_server:2.0:alpha9:::::: cpe:2.3:a:apache:http_server:1.99:::::::* cpe:2.3:a:apache:http_server:1.4.0:::::::* cpe:2.3:a:apache:http_server:1.3.9:::::::* cpe:2.3:a:apache:http_server:1.3.9::win32::::: cpe:2.3:a:apache:http_server:1.3.8:::::::* cpe:2.3:a:apache:http_server:1.3.7:::::::* cpe:2.3:a:apache:http_server:1.3.7::dev::::: cpe:2.3:a:apache:http_server:1.3.68:::::::* cpe:2.3:a:apache:http_server:1.3.65:::::::* cpe:2.3:a:apache:http_server:1.3.6:::::::* cpe:2.3:a:apache:http_server:1.3.6::win32::::: cpe:2.3:a:apache:http_server:1.3.5:::::::* cpe:2.3:a:apache:http_server:1.3.42:::::::* cpe:2.3:a:apache:http_server:1.3.41:::::::* cpe:2.3:a:apache:http_server:1.3.40:::::::* cpe:2.3:a:apache:http_server:1.3.4:::::::* cpe:2.3:a:apache:http_server:1.3.39:::::::* cpe:2.3:a:apache:http_server:1.3.38:::::::* cpe:2.3:a:apache:http_server:1.3.37:::::::* cpe:2.3:a:apache:http_server:1.3.36:::::::* cpe:2.3:a:apache:http_server:1.3.35:::::::* cpe:2.3:a:apache:http_server:1.3.34:::::::* cpe:2.3:a:apache:http_server:1.3.33:::::::* cpe:2.3:a:apache:http_server:1.3.32:::::::* cpe:2.3:a:apache:http_server:1.3.31:::::::* cpe:2.3:a:apache:http_server:1.3.30:::::::* cpe:2.3:a:apache:http_server:1.3.3:::::::* cpe:2.3:a:apache:http_server:1.3.29:::::::* cpe:2.3:a:apache:http_server:1.3.28:::::::* cpe:2.3:a:apache:http_server:1.3.27:::::::* cpe:2.3:a:apache:http_server:1.3.26:::::::* cpe:2.3:a:apache:http_server:1.3.26::win32::::: cpe:2.3:a:apache:http_server:1.3.25:::::::* cpe:2.3:a:apache:http_server:1.3.25::win32::::: cpe:2.3:a:apache:http_server:1.3.24:::::::* cpe:2.3:a:apache:http_server:1.3.24::win32::::: cpe:2.3:a:apache:http_server:1.3.23:::::::* cpe:2.3:a:apache:http_server:1.3.23::win32::::: cpe:2.3:a:apache:http_server:1.3.22:::::::* cpe:2.3:a:apache:http_server:1.3.22::win32::::: cpe:2.3:a:apache:http_server:1.3.20:::::::* cpe:2.3:a:apache:http_server:1.3.20::win32::::: cpe:2.3:a:apache:http_server:1.3.2:::::::* cpe:2.3:a:apache:http_server:1.3.19:::::::* cpe:2.3:a:apache:http_server:1.3.19::win32::::: cpe:2.3:a:apache:http_server:1.3.18:::::::* cpe:2.3:a:apache:http_server:1.3.18::win32::::: cpe:2.3:a:apache:http_server:1.3.17:::::::* cpe:2.3:a:apache:http_server:1.3.17::win32::::: cpe:2.3:a:apache:http_server:1.3.16:::::::* cpe:2.3:a:apache:http_server:1.3.16::win32::::: cpe:2.3:a:apache:http_server:1.3.15:::::::* cpe:2.3:a:apache:http_server:1.3.15::win32::::: cpe:2.3:a:apache:http_server:1.3.14:::::::* cpe:2.3:a:apache:http_server:1.3.14::win32::::: cpe:2.3:a:apache:http_server:1.3.14::mac_os::::: cpe:2.3:a:apache:http_server:1.3.13:::::::* cpe:2.3:a:apache:http_server:1.3.13::win32::::: cpe:2.3:a:apache:http_server:1.3.12:::::::* cpe:2.3:a:apache:http_server:1.3.12::win32::::: cpe:2.3:a:apache:http_server:1.3.11:::::::* cpe:2.3:a:apache:http_server:1.3.11::win32::::: cpe:2.3:a:apache:http_server:1.3.10:::::::* cpe:2.3:a:apache:http_server:1.3.1.1:::::::* cpe:2.3:a:apache:http_server:1.3.1:::::::* cpe:2.3:a:apache:http_server:1.3.0:::::::* cpe:2.3:a:apache:http_server:1.3:::::::* cpe:2.3:a:apache:http_server:1.2.9:::::::* cpe:2.3:a:apache:http_server:1.2.6:::::::* cpe:2.3:a:apache:http_server:1.2.5:::::::* cpe:2.3:a:apache:http_server:1.2.4:::::::* cpe:2.3:a:apache:http_server:1.2.0:::::::* cpe:2.3:a:apache:http_server:1.15.17:::::::* cpe:2.3:a:apache:http_server:1.1.1:::::::* cpe:2.3:a:apache:http_server:1.1:::::::* cpe:2.3:a:apache:http_server:1.0.5:::::::* cpe:2.3:a:apache:http_server:1.0.3:::::::* cpe:2.3:a:apache:http_server:1.0.2:::::::* cpe:2.3:a:apache:http_server:1.0:::::::* cpe:2.3:a:apache:http_server:0.8.14:::::::* cpe:2.3:a:apache:http_server:0.8.11:::::::* cpe:2.3:a:apache:http_server:::::::: cpe:2.3:a:apache:http_server:::win32:::::* cpe:2.3:a:apache:http_server:-:::::::*	135
Application	Hp Secure Web Server For Tru64 cpe:2.3:a:hp:secure_web_server_for_tru64:6.3.0:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.9.2:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.9.1:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.8.2:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.8.1:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.1_a:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.1:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:5.0_a:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:4.0_g:::::::* cpe:2.3:a:hp:secure_web_server_for_tru64:4.0_f:::::::*	10
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:3.0:::::::*	1
Os	Gentoo Linux cpe:2.3:o:gentoo:linux:1.4:::::::*	1
Os	Hp Hp-Ux cpe:2.3:o:hp:hp-ux:11.23::ia64_64-bit::::: cpe:2.3:o:hp:hp-ux:11.22:::::::* cpe:2.3:o:hp:hp-ux:11.11:::::::* cpe:2.3:o:hp:hp-ux:11.00:::::::*	4
Os	Mandrakesoft Mandrake Linux cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:::::::* cpe:2.3:o:mandrakesoft:mandrake_linux:10.0::amd64::::: cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:::::::* cpe:2.3:o:mandrakesoft:mandrake_linux:9.2::amd64:::::	4
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server::::: cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server::::: cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::	3
Os	Redhat Enterprise Linux Desktop cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*	1
Os	Trustix Secure Linux cpe:2.3:o:trustix:secure_linux:2.1:::::::* cpe:2.3:o:trustix:secure_linux:2.0:::::::*	2
Os	Turbolinux Turbolinux Desktop cpe:2.3:o:turbolinux:turbolinux_desktop:10.0:::::::*	1
Os	Turbolinux Turbolinux Home cpe:2.3:o:turbolinux:turbolinux_home::::::::	1
Os	Turbolinux Turbolinux Server cpe:2.3:o:turbolinux:turbolinux_server:10.0:::::::*	1

OpenVAS Exploits

Date	Description
2009-10-10	Name : SLES9: Security update for Apache 2 File : nvt/sles9p5009547.nasl
2009-10-10	Name : SLES9: Security update for webdav apache module File : nvt/sles9p5013988.nasl
2009-05-05	Name : HP-UX Update for Apache with PHP HPSBUX01090 File : nvt/gb_hp_ux_HPSBUX01090.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200409-21 (apache) File : nvt/glsa_200409_21.nasl
2008-09-04	Name : FreeBSD Ports: apache File : nvt/freebsd_apache4.nasl
2008-01-17	Name : Debian Security Advisory DSA 558-1 (libapache-mod-dav) File : nvt/deb_558_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
9948	mod_dav for Apache HTTP Server LOCK Request DoS Apache mod_dav contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a particular sequence of LOCK requests and will result in loss of availability for the httpd child process.

Nessus® Vulnerability Scanner

Date	Description
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_9363.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_013fa252072411d9b45d000c41e2cdad.nasl - Type : ACT_GATHER_INFO
2004-11-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-558.nasl - Type : ACT_GATHER_INFO
2004-09-24	Name : The remote Fedora Core host is missing a security update. File : fedora_2004-313.nasl - Type : ACT_GATHER_INFO
2004-09-17	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-21.nasl - Type : ACT_GATHER_INFO
2004-09-16	Name : The remote web server is affected by multiple vulnerabilities. File : apache_2_0_51.nasl - Type : ACT_GATHER_INFO
2004-09-16	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-096.nasl - Type : ACT_GATHER_INFO
2004-09-15	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2004-463.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
CONFIRM	http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&...
DEBIAN	http://www.debian.org/security/2004/dsa-558
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200409-21.xml
MANDRAKE	http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:096
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2004-463.html
TRUSTIX	http://www.trustix.org/errata/2004/0047/
XF	https://exchange.xforce.ibmcloud.com/vulnerabilities/17366

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-02-02 01:02:37	Multiple Updates
2024-02-01 12:01:33	Multiple Updates
2023-11-07 21:48:10	Multiple Updates
2023-09-05 12:02:29	Multiple Updates
2023-09-05 01:01:24	Multiple Updates
2023-09-02 12:02:30	Multiple Updates
2023-09-02 01:01:24	Multiple Updates
2023-08-12 12:03:02	Multiple Updates
2023-08-12 01:01:24	Multiple Updates
2023-08-11 12:02:37	Multiple Updates
2023-08-11 01:01:26	Multiple Updates
2023-08-06 12:02:25	Multiple Updates
2023-08-06 01:01:25	Multiple Updates
2023-08-04 12:02:28	Multiple Updates
2023-08-04 01:01:26	Multiple Updates
2023-07-14 12:02:27	Multiple Updates
2023-07-14 01:01:26	Multiple Updates
2023-03-29 01:02:29	Multiple Updates
2023-03-28 12:01:31	Multiple Updates
2022-10-11 12:02:11	Multiple Updates
2022-10-11 01:01:18	Multiple Updates
2022-09-23 21:27:41	Multiple Updates
2021-06-06 17:23:04	Multiple Updates
2021-05-04 12:02:42	Multiple Updates
2021-04-22 01:02:54	Multiple Updates
2021-03-30 17:22:46	Multiple Updates
2020-05-23 00:15:53	Multiple Updates
2019-08-27 12:01:25	Multiple Updates
2017-10-11 09:23:23	Multiple Updates
2017-07-11 12:01:30	Multiple Updates
2016-04-26 12:53:20	Multiple Updates
2014-02-17 10:27:59	Multiple Updates
2013-05-11 11:43:05	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	164
Sources(s)	20
osvdb(s)	1
Openvas Exploit(s)	6
Nessus® Exploit(s)	8

	Related
5.5	CVE-2020-13938
5	RHSA-2004:463
5	DSA-558
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

5 - CVE-2004-0809

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU