CVE-2009-3095

MEDIUM

Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

References

http://intevydis.com/vd-list.shtml

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html

http://marc.info/?l=bugtraq&m=126998684522511&w=2

http://marc.info/?l=bugtraq&m=127557640302499&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=133355494609819&w=2

http://secunia.com/advisories/37152

http://support.apple.com/kb/HT4077

http://wiki.rpath.com/Advisories:rPSA-2009-0155

http://www.debian.org/security/2009/dsa-1934

http://www.securityfocus.com/archive/1/508075/100/0/threaded

https://bugzilla.redhat.com/show_bug.cgi?id=522209

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8662

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9363

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html

Details

Source: MITRE

Published: 2009-09-08

Updated: 2021-03-30

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins

29 plugins in total:

ID     | Name                                                                              | Product                | Family                                  | Severity
-------|-----------------------------------------------------------------------------------|------------------------|-----------------------------------------|---------
67959  | Oracle Linux 4 : httpd (ELSA-2009-1580)                                           | Nessus                 | Oracle Linux Local Security Checks      | high
67958  | Oracle Linux 3 / 5 : httpd (ELSA-2009-1579)                                       | Nessus                 | Oracle Linux Local Security Checks      | high
67074  | CentOS 4 : httpd (CESA-2009:1580)                                                 | Nessus                 | CentOS Local Security Checks            | high
67073  | CentOS 3 / 5 : httpd (CESA-2009:1579)                                             | Nessus                 | CentOS Local Security Checks            | high
60695  | Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64       | Nessus                 | Scientific Linux Local Security Checks  | high
50069  | Apache 2.0.x < 2.0.64 Multiple Vulnerabilities                                    | Nessus                 | Web Servers                             | high
49826  | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)                       | Nessus                 | SuSE Local Security Checks              | high
47168  | Fedora 11 : httpd-2.2.14-1.fc11 (2009-12747)                                      | Nessus                 | Fedora Local Security Checks            | high
5489   | Mac OS X < 10.6.3 Multiple Vulnerabilities                                        | Nessus Network Monitor | Generic                                 | critical
45373  | Mac OS X Multiple Vulnerabilities (Security Update 2010-002)                      | Nessus                 | MacOS X Local Security Checks           | critical
45372  | Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities                                 | Nessus                 | MacOS X Local Security Checks           | critical
44799  | Debian DSA-1934-1 : apache2 - multiple issues                                     | Nessus                 | Debian Local Security Checks            | high
44120  | Slackware 12.0 / 12.1 / 12.2 / 13.0 / current : httpd (SSA:2010-024-01)           | Nessus                 | Slackware Local Security Checks         | high
43329  | Fedora 12 : httpd-2.2.14-1.fc12 (2009-12606)                                      | Nessus                 | Fedora Local Security Checks            | high
43090  | Fedora 10 : httpd-2.2.14-1.fc10 (2009-12604)                                      | Nessus                 | Fedora Local Security Checks            | high
43042  | Mandriva Linux Security Advisory : apache (MDVSA-2009:323)                        | Nessus                 | Mandriva Local Security Checks          | high
42858  | Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : apache2 vulnerabilities (USN-860-1) | Nessus             | Ubuntu Local Security Checks            | high
42470  | RHEL 4 : httpd (RHSA-2009:1580)                                                   | Nessus                 | Red Hat Local Security Checks           | high
42469  | RHEL 3 / 5 : httpd (RHSA-2009:1579)                                               | Nessus                 | Red Hat Local Security Checks           | high
42319  | openSUSE 10 Security Update : apache2 (apache2-6576)                              | Nessus                 | SuSE Local Security Checks              | high
42253  | SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)                       | Nessus                 | SuSE Local Security Checks              | high
42252  | SuSE 11 Security Update : Apache 2 (SAT Patch Number 1417)                        | Nessus                 | SuSE Local Security Checks              | high
42248  | openSUSE Security Update : apache2 (apache2-1419)                                 | Nessus                 | SuSE Local Security Checks              | high
42245  | openSUSE Security Update : apache2 (apache2-1419)                                 | Nessus                 | SuSE Local Security Checks              | high
42243  | SuSE9 Security Update : Apache 2 (YOU Patch Number 12526)                         | Nessus                 | SuSE Local Security Checks              | high
42052  | Apache 2.2.x < 2.2.14 Multiple Vulnerabilities                                    | Nessus                 | Web Servers                             | high
800574 | Apache < 2.2.14 Multiple Vulnerabilities                                          | Log Correlation Engine | Web Servers                             | high
5196   | Apache < 2.2.14 Multiple Vulnerabilities                                          | Nessus Network Monitor | Web Servers                             | medium
41049  | Mandriva Linux Security Advisory : apache (MDVSA-2009:240)                        | Nessus                 | Mandriva Local Security Checks          | high