CVE-2009-3095

Apache HTTP Server 2.0.35-2.0.63 - Remote Command Injection via mod_proxy_ftp Authorization Header

Title source: llm

Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

References (39)

Core References
Not Applicable, Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37152
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1934
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508075/100/0/threaded
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=522209
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4077
Broken Link x_refsource_confirm
http://wiki.rpath.com/Advisories:rPSA-2009-0155
Third Party Advisory vendor-advisory x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=127557640302499&w=2
Not Applicable, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=126998684522511&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=133355494609819&w=2
Broken Link x_refsource_misc
http://intevydis.com/vd-list.shtml

Scores

EPSS 0.0384
EPSS Percentile 88.3%

Details

Status published
Products (12)
apache/http_server 2.0.35 - 2.0.64
apple/mac_os_x < 10.6.3
debian/debian_linux 4.0
fedoraproject/fedora 10
fedoraproject/fedora 12
opensuse/opensuse 10.3
opensuse/opensuse 11.0
opensuse/opensuse 11.1
suse/linux_enterprise_desktop 10 sp2 (2 CPE variants)
suse/linux_enterprise_server 9
... and 2 more
Published Sep 08, 2009
Tracked Since Feb 18, 2026