CVE-2009-3095 — Apache Http Server vulnerability

9 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

3.0%

top 13.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Apple MAC OS X Debian Linux +4 more

Timeline

PublishedSep 8

Latest updateMay 2

Description

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDapache/http_server2.0.35 — 2.0.64+1

▶NVDsuse/linux_enterprise_server10, 11, 9+2

▶NVDapple/mac_os_x< 10.6.3

▶NVDopensuse/opensuse10.3, 11.0, 11.1+2

▶NVDsuse/linux_enterprise_desktop10

Also affects: Debian Linux 4.0, Fedora 10, 12

🔴Vulnerability Details

GHSA

GHSA-w532-9px6-hv54: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FT↗2022-05-02

▶

CVEList

CVE-2009-3095: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FT↗2009-09-08

▶

OSV

CVE-2009-3095: The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FT↗2009-09-08

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2009-11-19

▶

Red Hat

httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header↗2009-09-03

▶

Debian

CVE-2009-3095: apache2 - The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to by...↗2009

▶

Apache

Apache httpd: CVE-2009-3095↗

▶

💬Community

Bugzilla

CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header↗2009-09-09

▶