CVE ID:	CVE-2009-3095
Description:	The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Test IDs:	1.3.6.1.4.1.25623.1.0.66987   1.3.6.1.4.1.25623.1.0.66557   1.3.6.1.4.1.25623.1.0.66498   1.3.6.1.4.1.25623.1.0.900842
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3095 Bugtraq: 20091124 rPSA-2009-0155-1 httpd mod_ssl (Google Search) http://www.securityfocus.com/archive/1/archive/1/508075/100/0/threaded http://intevydis.com/vd-list.shtml http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Debian Security Information: DSA-1934 (Google Search) http://www.debian.org/security/2009/dsa-1934 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html HPdes Security Advisory: HPSBOV02683 http://marc.info/?l=bugtraq&m=130497311408250&w=2 HPdes Security Advisory: SSRT090208 http://marc.info/?l=bugtraq&m=130497311408250&w=2 SuSE Security Announcement: SUSE-SA:2009:050 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8662 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9363 http://secunia.com/advisories/37152

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: