Apple has posted a security update for Mac OS X Server that updates Apache 2.0.45 to 2.0.46. Apple’s release notes say that the update “addresses a security hole in the mod_dav module that could be exploited remotely causing an Apache Web server process to crash.”
Additionally, the update prevents the exposure of a user’s password when using the dsimportexport tool. Apache 1.3 is unaffected and is the primary Web server on Mac OS X Server. Apache 2.0 is installed with Mac OS X Server, but turned off by default.
The security update is a 735KB download. It’s for Mac OS X Server 10.2.6 only.