9.1
CVE-2026-42535
- EPSS 0.54%
- Veröffentlicht 08.06.2026 15:14:49
- Zuletzt bearbeitet 09.06.2026 16:00:53
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache HTTP Server: mod_dav_fs protected directory access
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version < 2.4.68
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.54% | 0.41 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2026/06/08/8