A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HApache HTTP Server
APPApache< 2.4.68
Related vulnerabilities
Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could ...
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a ...
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Use-after-free w Apache HTTP Server z mod_ldap (CVE-2026-29167)