Description
A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious request.mod_dav_lock is not used internally by mod_dav or mod_dav_fs. The only known use-case for mod_dav_lock was mod_dav_svn from Apache Subversion earlier than version 1.2.0. Users are recommended to upgrade to version 2.4.66, which fixes this issue, or remove mod_dav_lock.
Remediation
References
Related Vulnerabilities
WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.0.93)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-59018)
SharePoint CVE-2020-1440 Vulnerability (CVE-2020-1440)
WordPress Plugin WP Booking Calendar Multiple Vulnerabilities (3.0.0)
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)