A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Users are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.
2.4.52-1ubuntu4.202.4.58-1ubuntu8.122.4.64-1ubuntu3.42.4.66-2ubuntu2.12.4.6-2ubuntu22.4.6-2ubuntu32.4.6-2ubuntu42.4.7-1ubuntu12.4.7-1ubuntu22.4.7-1ubuntu32.4.7-1ubuntu42.4.7-1ubuntu4.12.4.7-1ubuntu4.102.4.7-1ubuntu4.11+25 more2.4.12-2ubuntu22.4.17-1ubuntu12.4.17-2ubuntu12.4.17-3ubuntu12.4.18-1ubuntu12.4.18-2ubuntu12.4.18-2ubuntu22.4.18-2ubuntu32.4.18-2ubuntu3.12.4.18-2ubuntu3.10+28 more2.4.27-2ubuntu32.4.29-1ubuntu12.4.29-1ubuntu22.4.29-1ubuntu32.4.29-1ubuntu42.4.29-1ubuntu4.12.4.29-1ubuntu4.102.4.29-1ubuntu4.112.4.29-1ubuntu4.122.4.29-1ubuntu4.13+27 more2.4.41-1ubuntu12.4.41-4ubuntu12.4.41-4ubuntu22.4.41-4ubuntu32.4.41-4ubuntu3.12.4.41-4ubuntu3.102.4.41-4ubuntu3.112.4.41-4ubuntu3.122.4.41-4ubuntu3.132.4.41-4ubuntu3.14+16 moreExploitability
AV:NAC:LPR:NUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H