CVE-2009-3094

Apache HTTP Server 2.0.35-2.0.63 - Denial of Service via Malformed EPSV Reply

Description

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

References (40)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
Permissions Required, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0609
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127557640302499&w=2
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126998684522511&w=2
Broken Link x_refsource_misc
http://www.intevydis.com/blog/?p=59
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37152
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1934
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PK96858
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508075/100/0/threaded
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133355494609819&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
Third Party Advisory vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161
Broken Link x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0155
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=521619
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
Broken Link x_refsource_misc
http://intevydis.com/vd-list.shtml
Not Applicable, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36549

Scores

EPSS 0.0857
EPSS Percentile 94.4%

Details

CWE
CWE-476
Status published
Products (5)
apache/http_server 2.0.35 - 2.0.64
debian/debian_linux 4.0
debian/debian_linux 5.0
fedoraproject/fedora 10
fedoraproject/fedora 12
Published Sep 08, 2009
Tracked Since Feb 18, 2026