
apache: multiple vulnerabilities

Package(s): apache
CVE #(s): CVE-2009-3094 CVE-2009-3095
Created: September 22, 2009
Updated: March 1, 2010
Description: From the Mandriva advisory: Multiple vulnerabilities were discovered and corrected in apache:

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094).

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095).

Alerts:
Slackware SSA:2010-024-01 httpd 2010-01-25
Fedora FEDORA-2009-12747 httpd 2009-12-04
Fedora FEDORA-2009-12606 httpd 2009-12-04
Fedora FEDORA-2009-12604 httpd 2009-12-04
Mandriva MDVSA-2009:323 apache 2009-12-07
Red Hat RHSA-2009:1461-01 Red Hat Application Stack 2009-09-23
Mandriva MDVSA-2009:240 apache 2009-09-22
rPath rPSA-2009-0155-1 httpd 2009-11-24
rPath rPSA-2009-0154-1 httpd 2009-11-24
Debian DSA-1934-1 apache2 2009-11-16
CentOS CESA-2009:1579 httpd 2009-11-14
Red Hat RHSA-2009:1580-02 httpd 2009-11-11
Ubuntu USN-860-1 apache2 2009-11-19
CentOS CESA-2009:1580 httpd 2009-11-12
CentOS CESA-2009:1579 httpd 2009-11-12
Red Hat RHSA-2009:1579-02 httpd 2009-11-11
SuSE SUSE-SA:2009:050 apache2,libapr1 2009-10-26



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds