The host is installed with Apache HTTP Server 2.2.x before 2.2.25 and is prone to a denial of service vulnerability. The flaw is present in the application, which does not properly determine whether DAV is enabled for a URI via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. Successful exploitation allows remote attackers to cause a denial of service (segmentation fault).