CVE-2009-3094: NULL Pointer Dereference in Apache HTTP Server

Severity: 2.6 LOW (NVD)
EPSS: 2.8% (top 13.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 8; latest update May 2

Description

The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/http_server 2.0.35 2.0.64 +1

Also affects: Debian Linux 4.0, 5.0, Fedora 10, 12

🔴 Vulnerability Details (3)

GHSA: GHSA-vg4c-4xc2-v43h: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp (2022-05-02)
OSV: CVE-2009-3094: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp (2009-09-08)
CVEList: CVE-2009-3094: The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp (2009-09-08)

📋 Vendor Advisories (3)

Ubuntu: Apache vulnerabilities (2009-11-19)
Red Hat: httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply (2009-09-02)
Debian: CVE-2009-3094: apache2 - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_... (2009)

💬 Community (1)

Bugzilla: CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply (2009-09-07)