CVE-2009-3095
CVE-2009-3095 is a vulnerability of currently unknown severity. The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. EPSS estimates a 12.56% chance of exploitation in the next 30 days.
Description
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Http Server | >= 2.0.35, < 2.0.64 | — |
| Apache | Http Server | >= 2.2.0, < 2.2.14 | — |
| Fedoraproject | Fedora | 10 | — |
| Fedoraproject | Fedora | 12 | — |
| Debian | Debian Linux | 4.0 | — |
| Opensuse | Opensuse | 10.3 | — |
| Opensuse | Opensuse | 11.0 | — |
| Opensuse | Opensuse | 11.1 | — |
| Suse | Linux Enterprise Desktop | 10 | Sp2 |
| Suse | Linux Enterprise Server | 9 | — |
| Suse | Linux Enterprise Server | 10 | Sp2 |
| Suse | Linux Enterprise Server | 11 | — |
| Apple | Mac Os X | < 10.6.3 | — |
References
- http://intevydis.com/vd-list.shtml (Broken Link)
- http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=126998684522511&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=127557640302499&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 (Not Applicable, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=133355494609819&w=2 (Issue Tracking, Mailing List, Third Party Advisory)
- http://secunia.com/advisories/37152 (Not Applicable, Third Party Advisory)
- http://support.apple.com/kb/HT4077 (Third Party Advisory)
- http://www.debian.org/security/2009/dsa-1934 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/508075/100/0/threaded (Third Party Advisory, VDB Entry)
- https://bugzilla.redhat.com/show_bug.cgi?id=522209 (Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
