Below is a snippet from the apache advisory.
Apache 2.0.46 Major changes
Security vulnerabilities closed since Apache 2.0.45
*) SECURITY [CAN-2003-0245]: Fixed a bug that could be triggered
remotely through mod_dav and possibly other mechanisms, causing
an Apache child process to crash. The crash was first reported
by David Endler and was researched and
fixed by Joe Orton . Details will be released
on 30 May 2003.
*) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
affecting basic authentication on Unix platforms related to
thread-safety in apr_password_validate(). The problem was reported
by John Hughes
