CVE-2009-3095

Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

References

http://intevydis.com/vd-list.shtml

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html

http://marc.info/?l=bugtraq&m=126998684522511&w=2

http://marc.info/?l=bugtraq&m=127557640302499&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=133355494609819&w=2

http://secunia.com/advisories/37152

http://support.apple.com/kb/HT4077

http://wiki.rpath.com/Advisories:rPSA-2009-0155

http://www.debian.org/security/2009/dsa-1934

http://www.securityfocus.com/archive/1/508075/100/0/threaded

https://bugzilla.redhat.com/show_bug.cgi?id=522209

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8662

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9363

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

Details

Risk Information

CVSS v2.0