For the second time in as many months, the Apache Software Foundation released an updated version of the popular open-source Web server software, only to warn users of a critical security hole in previous versions of the software that the update patches. The new version of Apache, 2.0.46, was described as "principally a security and bug fix release" in a bulletin released by the open-source organization Wednesday. Among those fixes is a patch for a security hole in the mod_dav module that could be exploited remotely, causing an Apache Web server process to crash, according to the bulletin.
Mod_dav is an open-source module that provides WebDAV (World Wide Web Distributed Authoring and Versioning) protocol support for the Apache Web server. WebDAV is a set of extensions to Hypertext Transfer Protocol that allows users to edit and manage files on remote Web servers. The protocol is designed to create interoperable, collaborative applications that facilitate geographically dispersed "virtual" software development teams.